CVE-2026-16008

Source
https://cve.org/CVERecord?id=CVE-2026-16008
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-16008.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-16008
Published
2026-07-17T10:30:10.843Z
Modified
2026-07-19T03:46:28.280240663Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
sagold json-schema-library propertyDependencies.ts parsePropertyDependencies prototype pollution
Details

A security vulnerability has been detected in sagold json-schema-library 11.5.0/11.5.1. This impacts the function parsePropertyDependencies of the file src/keywords/propertyDependencies.ts. The manipulation leads to improperly controlled modification of object prototype attributes. The attack can be initiated remotely. Upgrading to version 11.6.0 will fix this issue. The identifier of the patch is 432287ee6f68a02ce6f015354618486ec427a32d. It is advisable to upgrade the affected component.

Database specific
{
    "cwe_ids": [
        "CWE-1321",
        "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/16xxx/CVE-2026-16008.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/sagold/json-schema-library

Affected ranges

Type
GIT
Repo
https://github.com/sagold/json-schema-library
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "11.5.0"
        },
        {
            "last_affected": "11.5.0"
        },
        {
            "introduced": "11.5.1"
        },
        {
            "last_affected": "11.5.1"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

11.*
11.5.0
11.5.1
v11.*
v11.5.0
v11.5.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-16008.json"