i18next CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL i18next CVE published 2026-06-15

CVE-2026-48714

CVE-2026-48714 is a remote prototype pollution vulnerability in i18next-http-middleware versions prior to 3.9.7. The vulnerability occurs when the missingKeyHandler is exposed to untrusted input and used with i18next-fs-backend ≤ 2.6.5. This allows an attacker to pollute the Object.prototype, potentially leading to crashes, corrupted translation behavior, configuration poisoning, or bypasses of property-b [truncated]

CRITICAL i18next CVE published 2026-06-15

CVE-2026-48713

CVE-2026-48713 is a critical vulnerability in the i18next-fs-backend library, which allows for prototype pollution via crafted missing-key strings. This vulnerability affects versions prior to 2.6.6 and has a CVSS score of 9.1.