HIGH
js-cookie
CVE published 2026-06-10
CVE-2026-46625
CVE-2026-46625 is a high-severity vulnerability in the JavaScript Cookie API, which allows attackers to hijack cookie attributes. The vulnerability exists in versions prior to 3.0.7 of the js-cookie library. An attacker can exploit this vulnerability by manipulating the prototype of the merged attributes object, allowing them to set arbitrary attributes on cookies, including domain, secure, samesite, expi [truncated]