Prototype Pollution CVE-2026-35209
Severity: HIGH
CVSS Vector (NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Blast Radius
Ecosystem impact: 10 npm packages depend on defu (7 direct, 3 indirect). Ecosystem-wide dependent count for version 6.1.5.
Description (NVD)
Impact
Applications that pass unsanitized user input (e.g. parsed JSON request bodies, database records, or config files from untrusted sources) as the first argument to defu() are vulnerable to prototype pollution.
A crafted payload containing a __proto__ key can override intended default values in the merged result:
import { defu } from 'defu'
const userInput = JSON.parse('{"__proto__":{"isAdmin":true}}')
const config = defu(userInput, { isAdmin: false })
config.isAdmin // true - attacker overrides the server default
Root Cause
The internal _defu function used Object.assign({}, defaults) to copy the defaults object. Object.assign invokes the __proto__ setter, which replaces the resulting object's [[Prototype]] with attacker-controlled values. Properties inherited from the polluted prototype then bypass the existing __proto__ key guard in the for...in loop and land in the final result.
Fix
Replace Object.assign({}, defaults) with object spread ({ ...defaults }), which uses [[DefineOwnProperty]] and does not invoke the __proto__ setter.
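To make the root cause and the fix concrete, the following is a minimal model of the merge step described above, written for this note and not taken from defu's source: the two variants differ only in how the defaults object is copied, and a key-stripping sanitiser of the kind the remediation guidance recommends is shown alongside. The names mergeStep, makeMerge and stripForbiddenKeys are this example's own.

```javascript
// Minimal model of the merge described above (added example, not defu's code).
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// One merge step: copy `defaults`, then layer `base` on top. The key guard
// only sees the key names that for...in yields, own or inherited.
function mergeStep(base, defaults, copy) {
  const out = copy(isPlainObject(defaults) ? defaults : {});
  for (const key in base) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = base[key];
    if (value === null || value === undefined) continue;
    if (isPlainObject(value) && isPlainObject(out[key])) {
      out[key] = mergeStep(value, out[key], copy);
    } else {
      out[key] = value;
    }
  }
  return out;
}

// defu-style entry point: fold the arguments starting from an empty object.
function makeMerge(copy) {
  return (...objs) => objs.reduce((acc, next) => mergeStep(acc, next, copy), {});
}

// Before the fix: Object.assign uses [[Set]], so an own "__proto__" key in the
// source invokes the __proto__ setter and re-parents the copy.
const mergeBefore = makeMerge((d) => Object.assign({}, d));
// After the fix: spread uses [[DefineOwnProperty]]; "__proto__" stays an own
// key and is then skipped by the guard on the next step.
const mergeAfter = makeMerge((d) => ({ ...d }));

// Interim mitigation: rebuild parsed JSON without the dangerous keys.
function stripForbiddenKeys(value) {
  if (Array.isArray(value)) return value.map(stripForbiddenKeys);
  if (!isPlainObject(value)) return value;
  const clean = {};
  for (const key of Object.keys(value)) {
    if (!FORBIDDEN_KEYS.has(key)) clean[key] = stripForbiddenKeys(value[key]);
  }
  return clean;
}

// Constructed input, the same payload shape the description shows.
const CONSTRUCTED_INPUT = JSON.parse('{"__proto__":{"isAdmin":true}}');
const SERVER_DEFAULTS = { isAdmin: false };
```

Note that the pre-fix variant re-parents only the merged object, so a global check such as `({}).isAdmin` stays undefined; the override is visible only in the returned config.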
Affected Versions
<= 6.1.4
Credits
Reported by @BlackHatExploitation
Analysis (AI)
Prototype pollution in defu npm package (≤6.1.4) allows remote attackers to override application logic by injecting __proto__ keys through unsanitized user input. The vulnerability enables authentication bypass and arbitrary property injection when applications merge untrusted JSON, database records, or configuration data using defu(). …
Remediation (AI)
Within 24 hours: Identify all applications using defu ≤6.1.4 via software composition analysis (SCA) tools and audit code for usage patterns merging untrusted data. Within 7 days: Evaluate upgrade path to defu ≥6.1.5 or newer if available; if unavailable, implement input validation and sanitization to strip __proto__, prototype, and constructor keys from all JSON before defu() operations. …
Advisory: GHSA-737v-mqg7-c878