Skip to main content

json-schema-ref-parser EUVDEUVD-2026-42651

| CVE-2026-15195 LOW
Code Injection (CWE-94)
2026-07-09 cna@vuldb.com GHSA-hghm-9vcp-cxvv
2.1
CVSS 4.0 · Vendor: vuldb

Severity by source

Vendor (vuldb) PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.3 MEDIUM

Network-reachable prototype pollution requiring low privileges; scope unchanged as direct impact is limited to vulnerable system with L/L/L impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (vuldb).

CVSS VectorVendor: vuldb

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 09, 2026 - 18:31 vuln.today

DescriptionCVE.org

A weakness has been identified in apidevtools json-schema-ref-parser up to 15.3.5. This impacts the function Refs.set/Pointer.set in the library lib/pointer.ts. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. Upgrading to version 15.3.6 will fix this issue. This patch is called a786bc6afc3674f650496472ee93d5cf74c4bd84. It is suggested to upgrade the affected component.

AnalysisAI

Prototype pollution in apidevtools json-schema-ref-parser up to v15.3.5 allows low-privileged remote attackers to modify Object prototype attributes via crafted input to the Refs.set/Pointer.set functions in lib/pointer.ts. The vulnerability is tagged RCE and Code Injection, reflecting the theoretical worst-case of prototype pollution in Node.js environments where polluted properties propagate to dangerous sinks; however, the CVSS 4.0 score of 2.1 with limited (L/L/L) impact ratings suggests the direct, exploitable impact is constrained. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low privileges
Delivery
Submit crafted JSON Schema with __proto__ $ref path
Exploit
Trigger Pointer.set to pollute Object prototype
Execution
Propagate polluted property to downstream code sink
Impact
Achieve code injection or data manipulation

Vulnerability AssessmentAI

Exploitation The application must pass attacker-influenced or externally-sourced JSON Schema or OpenAPI documents to json-schema-ref-parser for $ref resolution - this is the specific triggering condition. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 2.1 (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L) reflects constrained direct impact: exploitation requires low privileges, and the vulnerable system's confidentiality, integrity, and availability impacts are all rated Low with no subsequent-system impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-level access to an application (e.g., a registered API user) submits a crafted JSON Schema document containing a $ref pointer path targeting __proto__ or constructor.prototype. When the application passes this schema to json-schema-ref-parser for dereferencing, the Pointer.set function writes the attacker-controlled value onto the global Object prototype. …
Remediation Upgrade json-schema-ref-parser to version 15.3.6 or later, which incorporates the fix at commit a786bc6afc3674f650496472ee93d5cf74c4bd84. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42651 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy