MEDIUM
hey-api
CVE published 2026-07-17
CVE-2026-48819
CVE-2026-48819 is a vulnerability in the Hey API ecosystem that could allow for potential code injection via generated SDKs. The issue arises from the way runtime templates are handled in the generation of SDKs, specifically in the handling of unknown slot-prefixed keys. This could potentially allow an attacker to inject malicious code. The vulnerability exists in the dist/clients/core/params.ts file, whi [truncated]