PatchSiren

jsonpath CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH jsonpath CVE published 2026-02-09

CVE-2026-1615

CVE-2026-1615 is a high-severity vulnerability in the jsonpath package, affecting versions before 1.3.0. It allows arbitrary code injection via unsafe evaluation of user-supplied JSON Path expressions. An attacker can exploit it by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to remote code execution in Node [truncated]