Prototype Pollution Vulnerability in sagold json-schema-library
CVE-2026-16008

5.3MEDIUM

Key Information:

Vendor

Sagold

Vendor
CVE Published:
17 July 2026

What is CVE-2026-16008?

A security vulnerability has been identified in the sagold json-schema-library versions 11.5.0 and 11.5.1. This vulnerability affects the parsePropertyDependencies function located in src/keywords/propertyDependencies.ts. It allows an attacker to remotely manipulate and control object prototype attributes, potentially leading to severe security implications. Users are strongly encouraged to upgrade to version 11.6.0, where this issue has been addressed, ensuring enhanced protection against this threat.

Affected Version(s)

json-schema-library 11.5.0

json-schema-library 11.5.1

json-schema-library 11.6.0

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

wjm1 (VulDB User)
.