CVE-2026-48819 in openapi-ts
Summary
by MITRE • 07/17/2026
Hey API is an ecosystem for turning API specifications into production-ready code. Prior to 0.97.3, dist/clients/core/params.ts ships a runtime template copied into generated SDKs as params.gen.ts, and buildClientParams writes unknown slot-prefixed keys such as $body_, $headers_, $path_, and $query_ directly to the corresponding slot, allowing $query___proto__ alongside a legitimate q field to set params.query through params["query"]["__proto__"] = value, call Object.setPrototypeOf(params.query, value), and expose inherited attacker-controlled keys during for..in iteration. This issue is fixed in version 0.97.3.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 07/17/2026
The vulnerability resides within the API ecosystem's code generation process where the dist/clients/core/params.ts file contains a runtime template that gets embedded into generated SDKs as params.gen.ts. This template suffers from a critical prototype pollution flaw in the buildClientParams function that handles parameter processing for API clients. The function directly writes unknown slot-prefixed keys such as $body_, $headers_, $path_, and $query_ to their corresponding slots without proper sanitization or validation.
The technical implementation of this vulnerability enables attackers to manipulate object prototypes through specifically crafted parameters that contain malicious keys prefixed with double underscores. When an attacker sends a request containing both a legitimate q field and a $query___proto__ field, the buildClientParams function processes these inputs by writing the malicious proto key directly to params.query through the assignment params["query"]["_proto_"] = value. This operation effectively pollutes the prototype chain of the query object, allowing attackers to inject arbitrary properties into the Object.prototype.
The operational impact of this vulnerability is significant as it enables attackers to perform prototype pollution attacks that can lead to various downstream consequences including but not limited to property injection, method override, and potential code execution in environments where prototype manipulation is not properly restricted. The vulnerability specifically affects for..in iteration loops that traverse object properties, as these iterations will now include attacker-controlled inherited keys from the polluted prototype chain. This behavior can be exploited in contexts where generated SDKs handle user-provided input without proper validation or sanitization.
This vulnerability maps to CWE-471: "Modification of Externally-Controlled Parameters" and specifically relates to CWE-457: "Use of Uninitialized Variable" and CWE-1321: "Prototype Pollution in JavaScript". The attack pattern aligns with ATT&CK technique T1059.007: "Command and Scripting Interpreter: JavaScript" where adversaries may leverage prototype pollution to manipulate object properties and execute malicious code through JavaScript environments.
The fix implemented in version 0.97.3 addresses the core issue by introducing proper validation and sanitization of parameter keys before they are written to their respective slots. The solution involves filtering out or rejecting keys that contain proto-related patterns such as _proto_ or similar prototype manipulation indicators. Additionally, the implementation now ensures that object property assignments respect security boundaries and prevent unauthorized access to prototype properties, thereby closing the vector through which attackers could manipulate the prototype chain of generated SDK parameters.
Organizations using this API ecosystem should immediately upgrade to version 0.97.3 or later to mitigate this vulnerability, as the prototype pollution attack can potentially enable arbitrary code execution in JavaScript environments where prototype manipulation is not properly restricted. Security teams should also conduct thorough code reviews of any custom implementations that may interact with generated SDKs to ensure proper input validation and sanitization practices are maintained throughout their applications.
The vulnerability demonstrates a critical flaw in automated code generation systems where runtime templates are not properly secured against malicious input patterns, highlighting the importance of input validation even in generated code environments. This issue serves as a reminder that security considerations must be integrated into all stages of software development, including automated code generation processes that produce client-side libraries and SDKs for API consumption.