Cyber Posture

CVE-2026-46509

High
Microsoft: not affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: not affectedAppOther: affectedOth

Published: 28 May 2026

Published
28 May 2026
Modified
28 May 2026
KEV Added
Patch
CVSS Score 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
EPSS Score N/A
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-46509 is a high-severity Prototype Pollution (CWE-1321) vulnerability. Its CVSS base score is 8.2 (High).

Operationally, it is not currently listed in the CISA KEV catalog.

NVD Description

deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not be exposed as user input. This vulnerability is fixed in 1.0.3.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-1321

References