Skip to main content

Json Schema Library

1 CVEs product

Monthly

CVE-2026-16008 LOW PATCH Monitor

Prototype pollution in sagold json-schema-library 11.5.0 and 11.5.1 allows remote low-privileged attackers to corrupt the JavaScript Object prototype by supplying crafted schema definitions or input data containing reserved keys such as `__proto__` processed by the `parsePropertyDependencies` function. The CVSS 4.0 vector confirms low-privilege network exploitation with limited but real confidentiality, integrity, and availability impact; the E:P supplemental metric confirms proof-of-concept code exists. No CISA KEV listing is present, so confirmed mass exploitation is not established at time of analysis.

Prototype Pollution Information Disclosure Json Schema Library
NVD VulDB GitHub
CVSS 4.0
2.1
CVSS 2.1
LOW PATCH Monitor

Prototype pollution in sagold json-schema-library 11.5.0 and 11.5.1 allows remote low-privileged attackers to corrupt the JavaScript Object prototype by supplying crafted schema definitions or input data containing reserved keys such as `__proto__` processed by the `parsePropertyDependencies` function. The CVSS 4.0 vector confirms low-privilege network exploitation with limited but real confidentiality, integrity, and availability impact; the E:P supplemental metric confirms proof-of-concept code exists. No CISA KEV listing is present, so confirmed mass exploitation is not established at time of analysis.

Prototype Pollution Information Disclosure Json Schema Library
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy