CVE-2026-23736
EUVD-2026-368021.01.2026, 23:15
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This vulnerability affects only JSON deserialization functionality. This issue is fixed in version 1.4.1.
Awaiting analysis
This vulnerability is currently awaiting analysis.