CVE-2026-8657 | jsondiffpatch up to 0.7.5 jsonpatch.patch jsondiffpatch.patch prototype pollution (SNYK-JS-JSONDIFFPATCH-16322990)

Inserito da Angelo Barbosa | Mag 16, 2026 | CVE

A vulnerability was found in jsondiffpatch up to 0.7.5 and classified as critical. This vulnerability affects the function jsondiffpatch.patch of the file jsondiffpatch/formatters/jsonpatch.patch. Executing a manipulation can lead to improperly controlled modification of object prototype attributes.

This vulnerability is tracked as CVE-2026-8657. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.

CVE-2026-8657 | jsondiffpatch up to 0.7.5 jsonpatch.patch jsondiffpatch.patch prototype pollution (SNYK-JS-JSONDIFFPATCH-16322990)

Post correlati

CVE-2024-7837 | Firmanet Software ERP up to 22.11.2024 sql injection

CVE-2026-27002 | OpenClaw/Clawdbot/Moltbot up to 2026.2.14 Setting unnecessary privileges

CVE-2025-27647 | Vasion Print Virtual Appliance Host improper authentication

CVE-2024-4405 | Xiaomi Pro 13 Mimarket cross site scripting