CVE ID :CVE-2026-55388 Published : June 22, 2026, 4:50 p.m. | 4 hours, 19 minutes ago Description :piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename option via plain member access. Both reads fall...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-55388 - piscina: Prototype Pollution Gadget → RCE via inherited options.filename

VERWANDTEARTIKEL

CVE-2026-44271 - Dell Wyse Management Suite SQL Injection

CVE-2026-53779 - WebP Server Go < 0.15.0 Path Traversal via Backslash Encoding on Windows

CVE-2026-11834 - Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

CVE-2026-10789 - MCP Extension Code Injection Vulnerability in Autodesk Fusion Desktop

CVE-2026-54271 - protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

CVE-2026-12249 - Canonical ADSys Trust Store Poisoning via Plaintext HTTP Certificate Auto-Enrollment