CVE-2026-8657 | jsondiffpatch up to 0.7.5 jsonpatch.patch jsondiffpatch.patch prototype pollution (SNYK-JS-JSONDIFFPATCH-16322990)

Inserito da Angelo Barbosa | Mag 16, 2026 | CVE

A vulnerability was found in jsondiffpatch up to 0.7.5 and classified as critical. This vulnerability affects the function jsondiffpatch.patch of the file jsondiffpatch/formatters/jsonpatch.patch. Executing a manipulation can lead to improperly controlled modification of object prototype attributes.

This vulnerability is tracked as CVE-2026-8657. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.

CVE-2026-8657 | jsondiffpatch up to 0.7.5 jsonpatch.patch jsondiffpatch.patch prototype pollution (SNYK-JS-JSONDIFFPATCH-16322990)

Post correlati

CVE-2024-34209 | Totolink CP450 4.1.0cu.747_B20191224 setIpPortFilterRules stack-based overflow

CVE-2025-13140 | SurveyJS Plugin up to 1.12.20 on WordPress SurveyJS_DeleteSurvey cross-site request forgery

CVE-2024-56066 | Inspry Agency Toolkit Plugin up to 1.0.23 on WordPress authorization

CVE-2024-1906 | Categorify Plugin up to 1.0.7.4 on WordPress categorifyAjaxAddCategory cross-site request forgery