CVE-2026-23736 in serovalالمعلومات

الملخص

بحسب MITRE • 22/01/2026

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This vulnerability affects only JSON deserialization functionality. This issue is fixed in version 1.4.1.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

15/01/2026

إفشاء

22/01/2026

الاعتدال

تمت الموافقة

إدخال

VDB-342250

CPE

جاهز

CWE

CWE-1321 (مؤكد)

CVSS

9.8 (NVD)

EPSS

0.00333

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-23736
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-23736
CVE Details	https://www.cvedetails.com/cve/CVE-2026-23736/

التالي ▸نظرة عامة ◂ السابق

Do you know our Splunk app?

Download it now for free!