Severity by source
AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
Lifecycle Timeline
7DescriptionGitHub Advisory
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists in the _applyUpdate() and _updateRecord() functions which use Object.assign() to merge user-controlled data without filtering dangerous keys like __proto__, constructor, or prototype. This issue has been patched in version 1.69.3.
AnalysisAI
Prototype pollution in EvoMap Evolver versions prior to 1.69.3 allows local attackers with high privileges to inject malicious properties into Object.prototype via unfiltered Object.assign() calls in the mailbox store module, potentially modifying the behavior of all JavaScript objects and causing information disclosure or denial of service. The vulnerability requires file system write access to the messages.jsonl persistence file and high privileges, limiting real-world exploitability to insider or local compromise scenarios.
Technical ContextAI
The vulnerability exists in the mailbox store module (src/proxy/mailbox/store.js) where the _applyUpdate() and _updateRecord() functions use Object.assign() to merge user-controlled data from the messages.jsonl JSONL file into internal objects without sanitizing dangerous prototype-chain keys (__proto__, constructor, prototype). When a crafted JSONL entry containing __proto__ as a field key is processed during index rebuild or record updates, the unsafe merge operation pollutes the prototype chain of all JavaScript objects in the running process. This is classified as CWE-1321 (Improperly Controlled Modification of Object-prototype Attributes in JavaScript).
RemediationAI
Upgrade EvoMap Evolver to version 1.69.3 or later immediately. The patched version (1.69.3) available at https://github.com/EvoMap/evolver/releases/tag/v1.69.3 implements filtering of dangerous prototype-chain keys (__proto__, constructor, prototype) in the Object.assign() merge operations. For npm users, run 'npm install @evomap/evolver@1.69.3' or update package.json and reinstall. If immediate upgrade is not possible, restrict file system write permissions to the messages.jsonl file to users and processes that absolutely require update capability, and audit user and service account privileges on systems running Evolver to ensure only necessary accounts have write access to the mailbox persistence files.
More in Prototype Pollution
View allPrototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execu
Prototype pollution in the farinspace Partners WordPress plugin (versions up to and including 0.2.0) enables remote unau
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code vi
A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper s
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitr
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Ser
alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/inde
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConf
A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 all
Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27012