Threats Tagged 'cve-2026-54335'
View all threats tagged with 'cve-2026-54335'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-54335'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-54335: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in feathersjs feathersCVE-2026-54335 0 Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In 5.0.44 and earlier, the _.merge(target, source) utility exported by @feathersjs/commons recursively merges source into target by iterating Object.keys(source). When source was produced by JSON.parse and contains a __proto__, constructor, or prototype key, that key is returned as an own-enumerable property; the recursive merge then resolves target['__proto__'] to Object.prototype and writes attacker-supplied properties onto it, polluting the prototype for all plain objects in the process for the lifetime of the Node process. This issue is fixed in version 5.0.45. Join the discussion | CVE Database V5 | 07/17/2026, 20:56:51 UTC Added: 07/18/2026, 08:58:03 UTC |
Showing 1 to 1 of 1 result