VULNRABLE / Vulnerability / CVE-2026-48054
CVE-2026-48054
HIGH @openzeppelin/wizard GHSA
CVSS Score
8
Severity
HIGH
EPSS
0%
Source
GHSA
Summary
OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri
What this means
CVE-2026-48054 is a high-severity vulnerability affecting @openzeppelin/wizard, rated CVSS 8. The EPSS model estimates a 0% probability of exploitation in the next 30 days. Published June 11, 2026.
View full advisory at GHSA →