PatchSiren

hey-api CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM hey-api CVE published 2026-07-17

CVE-2026-48819

CVE-2026-48819 is a vulnerability in the Hey API ecosystem that could allow for potential code injection via generated SDKs. The issue arises from the way runtime templates are handled in the generation of SDKs, specifically in the handling of unknown slot-prefixed keys. This could potentially allow an attacker to inject malicious code. The vulnerability exists in the dist/clients/core/params.ts file, whi [truncated]