HIGH
piscinajs
CVE published 2026-06-22
CVE-2026-55388
CVE-2026-55388 is a high-severity vulnerability in Piscina, a Node.js worker pool implementation. The vulnerability allows an attacker to execute arbitrary code by polluting the Object.prototype.filename property. This can occur when the Piscina constructor or run() method reads the filename option via plain member access, which falls through the prototype chain if the caller's options object doesn't have [truncated]