A vulnerability categorized as critical has been discovered in shell-quote up to 1.8.3 . This impacts the function quote . Such manipulation leads to os command injection. This vulnerability is listed as CVE-2026-9277 . The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.