CVE-2026-6621

CVSS v3.1

7.3

High

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The code repository of the project has not been active for many years.

Exploit

Fix

Prototype Pollution

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1321CWE-94

Related Identifiers

CVE-2026-6621

Affected Products

Deep-Extend

CVE-2026-6621

Weakness Enumeration

Related Identifiers

Affected Products

References · 5