CVE-2026-25047 – deepHas vulnerable to Prototype Pollution via constructor.prototype

CVE ID : CVE-2026-25047

Published : Jan. 29, 2026, 10:15 p.m. | 54 minutes ago

Description : deepHas provides a test for the existence of a nested object key and optionally returns that key. A prototype pollution vulnerability exists in version 1.0.7 of the deephas npm package that allows an attacker to modify global object behavior. This issue was fixed in version 1.0.8.

Severity: 9.4 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-15322 – Tanium addressed an improper access controls vulnerability in Tanium Server.

CVE-2026-1638 – Tenda AC21 mDMZSetCfg command injection

CVE-2026-1665 – Command Injection in nvm via NVM_AUTH_HEADER in wget code path

CVE-2026-1637 – Tenda AC21 AdvSetMacMtuWan fromAdvSetMacMtuWan stack-based overflow