Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not arguments) entering shell.openExternal after specific user behavior leading to "1-click" command execution.
AnalysisAI
Prototype pollution in MongoDB Compass's CSV import parsing logic creates a '1-click' command execution path across versions 1.36.x through 1.49.5. A crafted CSV file can pollute JavaScript object prototypes during the import workflow, causing untrusted file paths to reach Electron's shell.openExternal() API and be executed by the operating system's default handler. No public exploit code has been identified and this CVE is absent from CISA KEV, but the passive user-interaction requirement - simply importing a CSV as part of routine database work - makes targeted social engineering a credible delivery vector in data-heavy environments.
Technical ContextAI
MongoDB Compass is an Electron-based desktop GUI for MongoDB, running Node.js inside a Chromium shell. The root cause is CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes - Prototype Pollution): the CSV parsing logic during the data import workflow fails to sanitize column keys such as __proto__ or constructor.prototype, allowing an attacker-controlled CSV to inject properties onto the global JavaScript Object prototype. Downstream code paths that rely on inherited prototype properties can then reference attacker-supplied values. Specifically, the polluted prototype causes untrusted file paths - but explicitly not command-line arguments, per the description - to flow into Electron's shell.openExternal() function. In Electron, shell.openExternal() delegates execution to the host OS default protocol or file handler, meaning a polluted path could cause the OS to open a local script, binary, or custom-protocol URI. The CPE entry cpe:2.3:a:mongodb,_inc.:compass:*:*:*:*:*:*:*:* covers all versions in the confirmed affected range.
RemediationAI
No specific patched version has been confirmed in the available data; the vendor tracking reference MongoDB Jira COMPASS-10657 (https://jira.mongodb.org/browse/COMPASS-10657) should be monitored for a confirmed fix release and upgrade instructions. Until a patch is confirmed, the most targeted compensating control is restricting CSV imports in Compass to files sourced exclusively from internally controlled, trusted systems - specifically prohibiting imports of CSV files received via email attachments, external file shares, or user-submitted uploads, as these are the primary social-engineering delivery channels. Organizations deploying Compass in high-risk environments can additionally enforce endpoint policies that limit which applications shell.openExternal() can invoke, reducing the blast radius if the path-injection does occur. Note that fully disabling the CSV import feature would eliminate the attack surface entirely but removes a core Compass capability; this trade-off should be weighed against the threat model. Do not rely on network-layer controls alone - the vulnerability is triggered locally by user interaction with a file, not by a network request to Compass.
More in Prototype Pollution
View allPrototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execu
Prototype pollution in the farinspace Partners WordPress plugin (versions up to and including 0.2.0) enables remote unau
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code vi
A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper s
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitr
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Ser
alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/inde
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConf
A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 all
Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31127
GHSA-hwpv-w8h7-v7qm