PT-2026-5230 · Maker.Js · Maker.Js

Hayageek · Published 2026-01-28 · Updated 2026-02-09 · CVE-2026-24888

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Maker.js versions up to and including 0.19.1

Description

Maker.js is a 2D vector line drawing and shape modeling library for CNC and laser cutters. The makerjs.extendObject function copies properties from source objects without proper validation. Specifically, the function lacks hasOwnProperty() checks and does not filter dangerous keys, allowing inherited and potentially malicious properties to be copied to target objects. This can expose applications to security risks.

Recommendations

Update to a version later than 0.19.1, such as version 0.19.2, which includes a fix available in commit 85e0f12bd868974b891601a141974f929dec36b8.
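
The copy pattern named in the Description, next to a hardened form, as an added example that is not Maker.js code and not the code of the fixing commit. The helpers `extendNaive`, `extendSafe` and `inspect`, and both sample inputs, are constructed for illustration.

```javascript
// Added illustration; extendNaive and extendSafe are hypothetical helpers,
// not the Maker.js source and not the code of the fixing commit.

// Keys commonly used to reach or replace prototypes during object merges.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// The pattern the description names: for...in with no own-property check
// and no key filter, so inherited and special keys are copied as well.
function extendNaive(target, source) {
  for (const key in source) {
    target[key] = source[key];
  }
  return target;
}

// Hardened form: own enumerable keys only, dangerous keys skipped.
function extendSafe(target, source) {
  if (source === null || typeof source !== 'object') return target;
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    target[key] = source[key];
  }
  return target;
}

// Constructed sample input: options parsed from untrusted JSON.
// JSON.parse stores "__proto__" as an ordinary own property.
function untrustedOptions() {
  return JSON.parse('{"units":"mm","__proto__":{"isTrusted":true}}');
}

// Constructed sample input: an object carrying an inherited property.
function inheritedOptions() {
  return Object.create({ inheritedFlag: true }, {
    units: { value: 'inch', enumerable: true },
  });
}

// Reports what ended up visible on the target after a merge.
function inspect(extend, source) {
  const target = extend({}, source);
  return {
    ownKeys: Object.keys(target),
    prototypeReplaced: Object.getPrototypeOf(target) !== Object.prototype,
    seesIsTrusted: target.isTrusted === true,
    copiedInherited: Object.prototype.hasOwnProperty.call(target, 'inheritedFlag'),
  };
}
```

Calling `inspect` with each helper on the same input gives a regression check for any merge utility: the hardened form must leave the target's prototype untouched and copy only the source's own keys.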

Exploit

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2026-24888
GHSA-2CP6-34R9-54XX

Affected Products

Maker.Js