CVSS 7.5 HIGH Vulnerability

CVE-2026-46681: @nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...in without…

CVSS Score: 7.5 | Severity: HIGH | CISA KEV: No | Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-46681
Vendor: npm
Affected Product: @nevware21/ts-utils
Vulnerability Type: Vulnerability
CVSS Score: 7.5 (HIGH)
Actively Exploited: No known exploitation
Patch Status: See vendor advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Summary: The _copyProps function in lib/src/object/copy.ts uses for...in to iterate over the source object's properties without an Object.hasOwnProperty check, and does not filter the dangerous keys __proto__, constructor and prototype. An attacker who controls the source object (for example through parsed JSON) can therefore write into Object.prototype, which affects every object in the application.

Details: In _copyProps() (copy.ts lines 186-191) the loop visits every enumerable property of the source, inherited ones included, and never skips __proto__. A source object that carries an own __proto__ key (JSON.parse produces exactly that from untrusted input such as '{"__proto__": ...}') has the key written through to the target, where the assignment reaches the target's prototype instead of creating an own property.

PoC (the page's own proof of concept, with the import it needs added):

```javascript
import { objDeepCopy } from "@nevware21/ts-utils";

// Untrusted JSON yields an own, enumerable "__proto__" key on the parsed object.
const malicious = JSON.parse('{"__proto__": {"polluted": true}}');
objDeepCopy(malicious);
console.log({}.polluted); // true
```

Suggested Fix: Add an objHasOwnProperty check and filter __proto__, constructor, p
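The following is an added example, not the library's code: a minimal for...in deep-copy written in the pattern the advisory describes, placed beside a hardened variant that applies the suggested fix. The unsafe copier merges into whatever already sits at target[key]; for the key "__proto__" on a plain object that is Object.prototype itself, which is how a single JSON payload reaches every object in the process. The function names, the payload and the deny list are assumptions for illustration.

```javascript
// Added example (hypothetical code, not @nevware21/ts-utils): a for...in
// deep-copy in the vulnerable pattern beside its hardened form.

const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Vulnerable pattern: iterates inherited keys and does not filter __proto__.
function unsafeCopyProps(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isPlainObject(value)) {
      // Reuse an existing nested object. For key "__proto__" on a plain
      // target, target[key] is Object.prototype, so the recursion writes there.
      const existing = target[key];
      target[key] = unsafeCopyProps(isPlainObject(existing) ? existing : {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened pattern: own-property check plus a deny list. The own-property
// check alone is not enough, because JSON.parse creates "__proto__" as an
// own enumerable key; the deny list is what actually drops it.
function safeCopyProps(target, source) {
  for (const key in source) {
    if (!Object.prototype.hasOwnProperty.call(source, key)) continue;
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const existing = target[key];
      target[key] = safeCopyProps(isPlainObject(existing) ? existing : {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs a constructed payload through both copiers and reports whether a fresh
// object observed the injected property. Object.prototype is restored after
// each run so the process is left clean.
function runPollutionCheck() {
  // Constructed untrusted input, as an attacker could send in a JSON body.
  const payload = '{"__proto__": {"polluted": true}, "name": "x"}';
  const parsed = JSON.parse(payload);
  const protoKeyIsOwn = Object.prototype.hasOwnProperty.call(parsed, "__proto__");

  const unsafeResult = unsafeCopyProps({}, JSON.parse(payload));
  const unsafePolluted = ({}).polluted === true;
  delete Object.prototype.polluted;

  const safeResult = safeCopyProps({}, JSON.parse(payload));
  const safePolluted = ({}).polluted === true;
  delete Object.prototype.polluted;

  return {
    protoKeyIsOwn,
    unsafePolluted,
    safePolluted,
    unsafeCopiedName: unsafeResult.name,
    safeCopiedName: safeResult.name,
    safeHasOwnProto: Object.prototype.hasOwnProperty.call(safeResult, "__proto__"),
  };
}
```

Because the parsed payload's "__proto__" key is an own property, an objHasOwnProperty check on its own would still let it through; the deny list on __proto__, constructor and prototype is the part of the fix that stops the pollution, and the own-property check closes the separate case of inherited enumerable keys.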
