CVE-2026-35209
Prototype Pollution in defu Before 6.1.5 Allows Property Override
Publication date: 2026-04-06
Last updated on: 2026-04-27
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unjs | defu | to 6.1.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1321 | The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-35209 is a prototype pollution vulnerability in the npm package "defu" affecting versions up to 6.1.4. The vulnerability occurs when applications pass unsanitized user input containing a crafted `__proto__` property as the first argument to the `defu()` function. This allows an attacker to override default object properties by modifying the prototype of the merged result.
The root cause is that the internal `_defu` function uses `Object.assign({}, defaults)` to copy the defaults object. `Object.assign` invokes the `__proto__` setter, which replaces the resulting object's prototype with attacker-controlled values. This polluted prototype allows properties to bypass existing guards and land in the final merged object.
The vulnerability was fixed in version 6.1.5 by replacing `Object.assign({}, defaults)` with the object spread syntax `{ ...defaults }`, which does not invoke the `__proto__` setter, preventing prototype pollution.
How can this vulnerability impact me? :
This vulnerability allows an attacker to perform prototype pollution, which means they can inject or override properties on the prototype of objects used in the application. For example, an attacker can set properties like `isAdmin` to `true`, bypassing intended default security controls.
Because the attack requires no privileges or user interaction and can be exploited remotely via network vectors, it poses a high risk. The integrity of application data can be compromised, potentially allowing unauthorized modification of behavior or access controls.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves prototype pollution via the `__proto__` property in the defu library when unsanitized user input is passed to the defu() function. Detection involves checking if your application uses vulnerable versions of defu (up to 6.1.4) and whether it processes untrusted input through defu().
One way to detect exploitation attempts is to monitor for unusual prototype modifications, such as unexpected properties like `isAdmin` appearing on objects where they should not exist.
Since the vulnerability is triggered by crafted JSON payloads containing a `__proto__` key, you can search logs or network traffic for JSON inputs with `"__proto__"` keys.
- Use grep or similar tools to search application logs or request bodies for the string `"__proto__"`.
- Example command to search logs: `grep -r '"__proto__"' /path/to/logs/`
- In Node.js applications, you can add runtime checks or logging to detect if objects have unexpected prototype properties, for example by checking if `{}.isAdmin` is unexpectedly defined.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade the defu library to version 6.1.5 or later, which includes a fix that prevents prototype pollution by replacing `Object.assign({}, defaults)` with object spread syntax `{ ...defaults }` and explicitly ignoring `__proto__` and `constructor` keys during merging.
If upgrading immediately is not possible, ensure that any user input passed to defu() is sanitized to remove or reject objects containing the `__proto__` key.
Additionally, review your application code to avoid passing untrusted input directly as the first argument to defu().
- Upgrade defu to version 6.1.5 or later.
- Sanitize or validate user input to exclude `__proto__` keys before passing to defu.
- Audit code to prevent untrusted input from being used as the first argument to defu().
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an attacker to perform prototype pollution, which can lead to unauthorized modification of application data integrity by overriding default values. While the CVE description and resources do not explicitly mention compliance with standards like GDPR or HIPAA, such unauthorized data manipulation could potentially impact compliance by undermining data integrity and security controls required by these regulations.
Specifically, the vulnerability has a high integrity impact (as per CVSS v3.1) but no confidentiality or availability impact. This means that while data confidentiality and availability may not be directly affected, the integrity of data can be compromised, which is a critical aspect of compliance frameworks that mandate protection against unauthorized data alteration.