Medium severity6.5NVD Advisory· Published Apr 15, 2026· Updated Apr 17, 2026
CVE-2026-5758
CVE-2026-5758
Description
JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve remote code execution.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
protocol-buffers-schemanpm | < 3.6.1 | 3.6.1 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-j452-xhg8-qg39ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-5758ghsaADVISORY
- github.com/mafintosh/protocol-buffers-schema/pull/70nvdWEB
- morielharush.github.io/2026/04/12/cve-2026-5758-protocol-buffers-schema-prototype-pollutionghsaWEB
- morielharush.github.io/2026/04/12/cve-2026-5758-protocol-buffers-schema-prototype-pollution/nvd
News mentions
0No linked articles in our index yet.