Critical severity9.8NVD Advisory· Published Feb 10, 2026· Updated Apr 15, 2026
CVE-2026-1774
CVE-2026-1774
Description
CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@casl/abilitynpm | >= 2.4.0, < 6.7.5 | 6.7.5 |
Affected products
2Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-x9vf-53q3-cvx6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-1774ghsaADVISORY
- cwe.mitre.org/data/definitions/1321.htmlnvdWEB
- developer.mozilla.org/en-US/docs/Web/Security/Attacks/Prototype_pollutionnvdWEB
- github.com/stalniy/casl/commit/39da920ec1dfadf3655e28bd0389e960ac6871f4ghsaWEB
- github.com/stalniy/casl/pull/1093ghsaWEB
- github.com/stalniy/casl/tree/master/packages/casl-abilitynvdWEB
- www.kb.cert.org/vuls/id/458422nvdWEB
News mentions
0No linked articles in our index yet.