CVE-2026-8657

Name of the Vulnerable Software and Affected Versions jsondiffpatch versions prior to 0.7.6

Description Prototype Pollution occurs when attacker-controlled property names and path segments are used to traverse and modify objects without restricting access to special properties like proto or constructor.prototype, allowing modification of Object.prototype. This can be triggered by supplying crafted delta or JSON Patch documents through the 'jsondiffpatch.patch()' and 'jsondiffpatch/formatters/jsonpatch.patch()' APIs.

Recommendations Update to version 0.7.6 or later.