PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-16008 sagold CVE debrief

CVE-2026-16008 is a security vulnerability detected in sagold json-schema-library versions 11.5.0 and 11.5.1. The vulnerability affects the parsePropertyDependencies function in the src/keywords/propertyDependencies.ts file. The manipulation leads to improperly controlled modification of object prototype attributes. The attack can be initiated remotely. Upgrading to version 11.6.0 will fix this issue. The identifier of the patch is 432287ee6f68a02ce6f015354618486ec427a32d. This vulnerability has a CVSS score of 2.1 and a severity of LOW. The CVE record was published on 2026-07-17T11:17:13.080Z and has not been modified since then.

Vendor
sagold
Product
json-schema-library
CVSS
LOW 2.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Users of sagold json-schema-library versions 11.5.0 and 11.5.1 should be aware of this vulnerability and take steps to upgrade to version 11.6.0. This includes operators, platform administrators, vulnerability management teams, and security teams who may be impacted by the vulnerability.

Technical summary

The vulnerability is caused by a flaw in the parsePropertyDependencies function of the src/keywords/propertyDependencies.ts file in sagold json-schema-library versions 11.5.0 and 11.5.1. This flaw allows for improperly controlled modification of object prototype attributes, which can be exploited remotely. The vulnerability has a CVSS score of 2.1 and a severity of LOW. Users of sagold json-schema-library versions 11.5.0 and 11.5.1 should be aware of this vulnerability and take steps to upgrade to version 11.6.0. The identifier of the patch is 432287ee6f68a02ce6f015354618486ec427a32d.

Defensive priority

Low

Recommended defensive actions

  • Upgrade to version 11.6.0 of sagold json-schema-library
  • Review and monitor the affected component for potential exploitation
  • Implement compensating controls to detect and prevent attacks
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-17T11:17:13.080Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity. The vulnerability affects sagold json-schema-library versions 11.5.0 and 11.5.1, and upgrading to version 11.6.0 will fix this issue. Defenders should review the official advisory and monitor for potential exploitation.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T11:17:13.080Z and has not been modified since then.