Skip to main content

Prototype Pollution CVE-2026-33672

MEDIUM
Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) (CWE-1321)
2026-03-25 https://github.com/micromatch/picomatch
5.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Red Hat
5.3 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 25, 2026 - 21:17 vuln.today
Patch released
Mar 25, 2026 - 21:17 nvd
Patch available
CVE Published
Mar 25, 2026 - 21:13 nvd
MEDIUM 5.3

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 npm packages depend on picomatch (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 4.0.0.

DescriptionGitHub Advisory

Impact

picomatch is vulnerable to a method injection vulnerability (CWE-1321) affecting the POSIX_REGEX_SOURCE object. Because the object inherits from Object.prototype, specially crafted POSIX bracket expressions (e.g., [[:constructor:]]) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression.

This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control.

All users of affected picomatch versions that process untrusted or user-controlled glob patterns are potentially impacted.

Patches

This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2.

Users should upgrade to one of these versions or later, depending on their supported release line.

Workarounds

If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch.

Possible mitigations include:

  • Sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like [[:...:]].
  • Avoiding the use of POSIX bracket expressions if user input is involved.
  • Manually patching the library by modifying POSIX_REGEX_SOURCE to use a null prototype:
js
  const POSIX_REGEX_SOURCE = {
    __proto__: null,
    alnum: 'a-zA-Z0-9',
    alpha: 'a-zA-Z',
    // ... rest unchanged
  };
### Resources

- fix for similar issue: https://github.com/micromatch/picomatch/pull/144
- picomatch repository https://github.com/micromatch/picomatch

AnalysisAI

picomatch is vulnerable to a method injection vulnerability (CWE-1321) in its POSIX_REGEX_SOURCE object that allows specially crafted POSIX bracket expressions like [[:constructor:]] to reference inherited Object.prototype methods, causing these methods to be stringified and injected into generated regular expressions. This affects all versions of the npm package picomatch prior to 2.3.2, 3.0.2, and 4.0.4, and can cause incorrect glob matching behavior leading to integrity violations where patterns match unintended filenames; while this does not enable remote code execution, it can compromise security-relevant logic in applications using glob matching for filtering, validation, or access control. The vulnerability is not listed in CISA KEV and has no widely published proof-of-concept, but patches are available from the vendor.

Technical ContextAI

picomatch is a popular npm package (CPE: pkg:npm/picomatch) used for glob pattern matching and file path filtering in Node.js applications. The vulnerability stems from CWE-1321 (Improper Validation of Unsafe Equivalence in Regular Expression) combined with prototype pollution concepts. The POSIX_REGEX_SOURCE object, which maps POSIX character class names (like alnum, alpha, digit) to their regex equivalents, inherits from Object.prototype due to standard JavaScript object construction. When processing user-supplied glob patterns containing malicious POSIX bracket expressions such as [[:constructor:]], the library does not sanitize these inputs before interpolating them into regex patterns. JavaScript's prototype chain allows access to inherited properties and methods, and when these method references are stringified and embedded into the regular expression source code, they alter the matching behavior in unintended ways. This is a direct result of insufficient input validation of POSIX character class syntax.

RemediationAI

Upgrade picomatch to version 2.3.2 or later (2.x line), 3.0.2 or later (3.x line), or 4.0.4 or later (4.x line) depending on the currently deployed release line. See the official vendor advisory at https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p for patch details and the fix commit at https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903. If immediate patching is not possible, implement input validation by sanitizing or rejecting untrusted glob patterns that contain POSIX character class syntax (e.g., patterns matching /\[\[:[^:]+:\]\]/), or avoid using POSIX bracket expressions for user-controlled input. As a temporary manual patch, modify the POSIX_REGEX_SOURCE object to use a null prototype (__proto__: null) to prevent prototype chain traversal, though this should only serve as a stopgap until the vendor patch is deployed.

CVE-2026-34621 HIGH POC
8.6 Apr 11

Prototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execu

CVE-2024-56059 CRITICAL
9.8 Dec 18

Prototype pollution in the farinspace Partners WordPress plugin (versions up to and including 0.2.0) enables remote unau

CVE-2020-28271 CRITICAL POC
9.8 Nov 12

Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service

CVE-2023-38894 CRITICAL POC
9.8 Aug 16

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code vi

CVE-2024-24292 CRITICAL POC
9.8 Mar 28

A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function

CVE-2023-26121 CRITICAL POC
10.0 Apr 11

All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper s

CVE-2021-23449 CRITICAL POC
10.0 Oct 18

This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitr

CVE-2024-39011 CRITICAL POC
9.8 Jul 30

Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Ser

CVE-2024-38988 CRITICAL POC
9.8 Mar 28

alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/inde

CVE-2025-57347 CRITICAL POC
9.8 Sep 24

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConf

CVE-2025-57321 CRITICAL POC
9.8 Sep 24

A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 all

CVE-2024-45435 CRITICAL POC
9.8 Aug 29

Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this

Vendor StatusVendor

Share

CVE-2026-33672 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy