PatchSiren cyber security CVE debrief
CVE-2026-16008 sagold CVE debrief
CVE-2026-16008 is a security vulnerability detected in sagold json-schema-library versions 11.5.0 and 11.5.1. The vulnerability affects the parsePropertyDependencies function in the src/keywords/propertyDependencies.ts file. The manipulation leads to improperly controlled modification of object prototype attributes. The attack can be initiated remotely. Upgrading to version 11.6.0 will fix this issue. The identifier of the patch is 432287ee6f68a02ce6f015354618486ec427a32d. This vulnerability has a CVSS score of 2.1 and a severity of LOW. The CVE record was published on 2026-07-17T11:17:13.080Z and has not been modified since then.
- Vendor
- sagold
- Product
- json-schema-library
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of sagold json-schema-library versions 11.5.0 and 11.5.1 should be aware of this vulnerability and take steps to upgrade to version 11.6.0. This includes operators, platform administrators, vulnerability management teams, and security teams who may be impacted by the vulnerability.
Technical summary
The vulnerability is caused by a flaw in the parsePropertyDependencies function of the src/keywords/propertyDependencies.ts file in sagold json-schema-library versions 11.5.0 and 11.5.1. This flaw allows for improperly controlled modification of object prototype attributes, which can be exploited remotely. The vulnerability has a CVSS score of 2.1 and a severity of LOW. Users of sagold json-schema-library versions 11.5.0 and 11.5.1 should be aware of this vulnerability and take steps to upgrade to version 11.6.0. The identifier of the patch is 432287ee6f68a02ce6f015354618486ec427a32d.
Defensive priority
Low
Recommended defensive actions
- Upgrade to version 11.6.0 of sagold json-schema-library
- Review and monitor the affected component for potential exploitation
- Implement compensating controls to detect and prevent attacks
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-07-17T11:17:13.080Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity. The vulnerability affects sagold json-schema-library versions 11.5.0 and 11.5.1, and upgrading to version 11.6.0 will fix this issue. Defenders should review the official advisory and monitor for potential exploitation.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T11:17:13.080Z and has not been modified since then.