CVE-2026-44646
Received - Intake
Prototype Chain Property Leak in LiquidJS Template Engine

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: GitHub, Inc.

Description
LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, Context.spawn() creates a child Context for the {% render %} tag but does not propagate the parent context's resolved ownPropertyOnly value, resulting in a silent bypass. The new context re-derives ownPropertyOnly from opts.ownPropertyOnly (the instance-level option), silently discarding any RenderOptions.ownPropertyOnly override that was supplied to parseAndRender(). As a result, a developer who runs a Liquid instance with the backwards-compatible ownPropertyOnly:false and then locks down an untrusted render with parseAndRender(..., { ownPropertyOnly: true }) still leaks prototype-chain properties from inside any {% render %} partial. This is a distinct exploit surface from the previously identified array-filter variants (where, reject, group_by, find, find_index, has); the underlying root cause in Context.spawn() is shared, but {% render %} is a separately reachable sink that needs no filter usage. This issue has been fixed in version 10.26.0.
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
liquidjs liquidjs to 10.26.0 (exc)
liquidjs liquidjs 10.26.0
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Executive Summary

This vulnerability exists in LiquidJS versions 10.25.7 and below. It involves the Context.spawn() function, which creates a child context for the {% render %} tag but fails to propagate the parent context's resolved ownPropertyOnly value. Instead, the new context derives ownPropertyOnly from the instance-level option, ignoring any override supplied to parseAndRender().

As a result, even if a developer locks down an untrusted render with parseAndRender(..., { ownPropertyOnly: true }), prototype-chain properties can still leak from inside any {% render %} partial. This creates a silent bypass and a distinct exploit surface separate from previously known array-filter related vulnerabilities.

This issue was fixed in version 10.26.0.

Impact Analysis

The vulnerability can lead to leakage of prototype-chain properties during template rendering with the {% render %} tag, even when protections are intended to be in place. This means sensitive or unintended data from the prototype chain could be exposed in rendered output.

Such leakage could allow attackers or untrusted users to access information they should not have, potentially leading to information disclosure.

The CVSS base score of 5.3 indicates a medium severity impact, with network attack vector, low attack complexity, no privileges required, and no user interaction needed.

Mitigation Strategies

To mitigate this vulnerability, upgrade LiquidJS to version 10.26.0 or later, where the issue with Context.spawn() and the {% render %} tag has been fixed.

Avoid running Liquid instances with the backwards-compatible ownPropertyOnly:false setting if you rely on untrusted render inputs, as this setting allows prototype-chain property leaks.
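
The option resolution described above, and why a strict instance-level setting closes the gap, can be seen in the following added example. It is a simplified model written for this page, not LiquidJS source code; the names ModelContext, spawnFlawed, spawnFixed, Account and demo are hypothetical, and the sample data is constructed.

```javascript
// Simplified model of the ownPropertyOnly resolution described in this advisory.
// All names here are hypothetical; this is not LiquidJS source code.
class ModelContext {
  constructor(scope, opts, renderOptions = {}) {
    this.scope = scope;
    this.opts = opts;
    // A per-render override takes precedence over the instance-level option.
    this.ownPropertyOnly = renderOptions.ownPropertyOnly ?? opts.ownPropertyOnly;
  }
  // Property lookup that honours the resolved flag.
  get(name) {
    const isOwn = Object.prototype.hasOwnProperty.call(this.scope, name);
    if (this.ownPropertyOnly && !isOwn) return undefined;
    return this.scope[name];
  }
  // Flawed pattern: the child re-derives the flag from opts, dropping the override.
  spawnFlawed(scope) {
    return new ModelContext(scope, this.opts);
  }
  // Corrected pattern: the child inherits the parent's resolved value.
  spawnFixed(scope) {
    return new ModelContext(scope, this.opts, { ownPropertyOnly: this.ownPropertyOnly });
  }
}

// Constructed sample data: "secret" is on the prototype, "name" is an own property.
class Account { constructor(name) { this.name = name; } }
Account.prototype.secret = 'inherited-value';

// Renders with a per-call override of ownPropertyOnly: true on top of the
// given instance-level setting, then reads through a spawned child context.
function demo(instanceOwnPropertyOnly) {
  const opts = { ownPropertyOnly: instanceOwnPropertyOnly };
  const user = new Account('alice');
  const parent = new ModelContext(user, opts, { ownPropertyOnly: true });
  return {
    parent: parent.get('secret'),
    flawedChild: parent.spawnFlawed(user).get('secret'),
    fixedChild: parent.spawnFixed(user).get('secret'),
    ownProp: parent.spawnFixed(user).get('name'),
  };
}

console.log('instance ownPropertyOnly:false', demo(false));
console.log('instance ownPropertyOnly:true ', demo(true));
```

With the instance-level option set to true, even the flawed child resolves to the strict value, which is why that setting works as a stopgap until the upgrade to 10.26.0 is in place.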
