CVE-2026-44291 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: May 14, 2026
protobufjs - Prototype Pollution
Overview
protobufjs < 7.5.6 and < 8.0.2 contains a prototype pollution vulnerability caused by use of plain objects with inherited prototypes for internal type lookup tables, letting attackers inject malicious strings into generated JavaScript code, exploit requires polluted Object.prototype.
Severity & Score
Impact
Attackers can inject malicious strings into generated JavaScript code, potentially leading to code injection or execution.
Mitigation
Update to version 7.5.6 or 8.0.2 or later.
Social Media Activity(2 posts)
š CVE-2026-44291 - High (8.1) protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.pro... š https://www.thehackerwire.com/vulnerability/CVE-2026-44291/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-44291 - High (8.1) protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.pro... š https://www.thehackerwire.com/vulnerability/CVE-2026-44291/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-44291
- Severity
- High
- CVSS Score
- 8.1
- Type
- prototype_pollution
- Status
- confirmed
- EPSS
- 4.8%
- Social Posts
- 2
CWE
- CWE-94
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H