HIGH
ranfdev
CVE published 2026-05-28
CVE-2026-46509
CVE-2026-46509 documents a prototype pollution vulnerability in the deepobj JavaScript library, affecting versions prior to 1.0.3. The library provides utility functions for deep object manipulation (get, set, delete operations). The vulnerability occurs when property paths containing special keys (__proto__, constructor, or prototype) are processed, allowing modification of Object.prototype. This can lea [truncated]