CVE-2026-23736
seroval Affected by Prototype Pollution via JSON Deserialization
CVSS 3.1: 7.3 (HIGH)
EPSS: 0.33%
Description
Due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This affects only JSON deserialization functionality. As there is no known workaround, please upgrade to the latest version.
How to fix CVE-2026-23736
To remediate CVE-2026-23736, upgrade the affected package to a fixed version below.
- Upgrade to 1.4.1 or later
Is CVE-2026-23736 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.4.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |