Storage Explorer Version
1.43.0
Regression From
No response
Architecture
x64
Storage Explorer Build Number
20260407.6
Platform
Windows
OS Version
Windows Server 2019 Datacenter.
Bug Description
We're getting flagged by Tanium for CVE-2026-41907 on path:
\Program Files\Microsoft Azure Storage Explorer\resources\app\node_modules\uuid
The fix is to update UUID, which is "fixed in 14" according to https://nvd.nist.gov/vuln/detail/CVE-2026-41907"
Opening the script on that path confirms that it's running 9.0.1.
Resource Types
No response
Authentication Method
Shared access signature (SAS)
Connection Type
Attachment
Steps to Reproduce
- Install Storage Explorer
- Confirm version of UUID that's installed in path C:\Program Files\Microsoft Azure Storage Explorer\resources\app\node_modules\uuid\package.json
Actual Experience
We're getting flagged by our security platform because of ASE's UUID version: 9.0.1. The CVE says 11 semi fixes it, and 14 totally fixes it.
Expected Experience
Expected : no security issue because we're not on the 2023 UUID package.
Additional Context
No response
Storage Explorer Version
1.43.0
Regression From
No response
Architecture
x64
Storage Explorer Build Number
20260407.6
Platform
Windows
OS Version
Windows Server 2019 Datacenter.
Bug Description
We're getting flagged by Tanium for CVE-2026-41907 on path:
\Program Files\Microsoft Azure Storage Explorer\resources\app\node_modules\uuid
The fix is to update UUID, which is "fixed in 14" according to https://nvd.nist.gov/vuln/detail/CVE-2026-41907"
Opening the script on that path confirms that it's running 9.0.1.
Resource Types
No response
Authentication Method
Shared access signature (SAS)
Connection Type
Attachment
Steps to Reproduce
Actual Experience
We're getting flagged by our security platform because of ASE's UUID version: 9.0.1. The CVE says 11 semi fixes it, and 14 totally fixes it.
Expected Experience
Expected : no security issue because we're not on the 2023 UUID package.
Additional Context
No response