CVE-2026-35209
Published: 06 April 2026
Summary
CVE-2026-35209 is a high-severity Prototype Pollution (CWE-1321) vulnerability in Unjs Defu. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 5.1 percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- SI-2 (Flaw Remediation): directly mandates timely patching of known flaws like CVE-2026-35209 by upgrading the defu library to version 6.1.5 or later.
- SI-10 (Information Input Validation): requires validation and sanitization of unsanitized user input, such as JSON payloads, before it is passed to defu(), to block crafted __proto__ keys.
- Automated scanning of software dependencies to identify defu versions affected by CVE-2026-35209.
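The SI-10 control above asks for untrusted JSON to be validated before it reaches defu(). The following is an added example, not code from the advisory or the defu project, of what that boundary check can look like in Node.js: a walk that reports where own `__proto__` keys occur (for logging and alerting) and a `JSON.parse` reviver that strips them at every nesting level. The function names (`findProtoKeys`, `parseUntrustedJson`, `prepareInputForDefu`) and the sample payload are constructed for this illustration.

```javascript
// Added example (not from the advisory or the defu project): treating a
// JSON request body as untrusted input before it reaches defu(). Names
// such as parseUntrustedJson and findProtoKeys are hypothetical.

// Constructed sample payload: "__proto__" keys at the top level and nested.
const SAMPLE_PAYLOAD =
  '{"__proto__":{"isAdmin":true},"name":"guest",' +
  '"settings":{"__proto__":{"role":"admin"},"theme":"dark"}}';

// Detection: walk a parsed value and report the JSON paths of every own
// "__proto__" key. JSON.parse creates "__proto__" as an ordinary own data
// property, so Object.keys() does list it and value[key] returns the
// attacker-supplied object rather than the real prototype.
function findProtoKeys(value, path = '$', found = []) {
  if (Array.isArray(value)) {
    value.forEach((item, i) => findProtoKeys(item, `${path}[${i}]`, found));
  } else if (value !== null && typeof value === 'object') {
    for (const key of Object.keys(value)) {
      const childPath = `${path}.${key}`;
      if (key === '__proto__') found.push(childPath);
      findProtoKeys(value[key], childPath, found);
    }
  }
  return found;
}

// Sanitization: a JSON.parse reviver that returns undefined for a key
// deletes that property from its holder, so "__proto__" keys are dropped
// at every nesting level before the object is handed to anything else.
function parseUntrustedJson(text) {
  return JSON.parse(text, (key, value) => (key === '__proto__' ? undefined : value));
}

// Gatekeeper used at the request boundary: record what would be stripped,
// parse with the reviver, and only then hand the object on to defu().
// Returns the sanitized object and the stripped paths for an alerting hook.
function prepareInputForDefu(text) {
  const stripped = findProtoKeys(JSON.parse(text));
  const sanitized = parseUntrustedJson(text);
  if (stripped.length > 0) {
    console.warn(`stripped __proto__ keys at: ${stripped.join(', ')}`);
  }
  return { sanitized, stripped };
}

console.log(prepareInputForDefu(SAMPLE_PAYLOAD));
```

Stripping is the lenient choice; a stricter gate rejects the whole request when `stripped` is non-empty, which also gives a clean signal for detection rules. Either way this is defense in depth for the input side: the advisory's primary fix remains upgrading defu to 6.1.5 or later.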
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The vulnerability is a remote unauthenticated prototype pollution flaw in a library used by applications, directly enabling attackers to supply crafted payloads (e.g., via JSON request bodies) to a public-facing application, matching T1190 Exploit Public-Facing Application.
NVD Description
defu is software that allows users to assign default properties recursively. Prior to version 6.1.5, applications that pass unsanitized user input (e.g. parsed JSON request bodies, database records, or config files from untrusted sources) as the first argument to `defu()` are vulnerable to prototype pollution. A crafted payload containing a `__proto__` key can override intended default values in the merged result. The internal `_defu` function used `Object.assign({}, defaults)` to copy the defaults object. `Object.assign` invokes the `__proto__` setter, which replaces the resulting object's `[[Prototype]]` with attacker-controlled values. Properties inherited from the polluted prototype then bypass the existing `__proto__` key guard in the `for...in` loop and land in the final result. Version 6.1.5 replaces `Object.assign({}, defaults)` with object spread (`{ ...defaults }`), which uses `[[DefineOwnProperty]]` and does not invoke the `__proto__` setter.
Deeper analysis [AI]
CVE-2026-35209 is a prototype pollution vulnerability (CWE-1321) affecting the defu library prior to version 6.1.5. Defu is a utility that recursively assigns default properties to objects. The issue arises in applications that pass unsanitized user input—such as parsed JSON request bodies, database records, or config files from untrusted sources—as the first argument to the defu() function.
Remote unauthenticated attackers can exploit this vulnerability by supplying a crafted payload containing a __proto__ key. The internal _defu function copies defaults using Object.assign({}, defaults), which invokes the __proto__ setter and replaces the resulting object's [[Prototype]] with attacker-controlled values. Inherited properties from the polluted prototype then bypass the existing __proto__ key guard in the for...in loop, appearing in the final merged result and overriding intended defaults. The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), enabling high integrity impacts without privileges or user interaction.
Version 6.1.5 mitigates the vulnerability by replacing Object.assign({}, defaults) with object spread ({ ...defaults }), which relies on [[DefineOwnProperty]] and avoids invoking the __proto__ setter. Security practitioners should upgrade to 6.1.5 or later. Details are in the GitHub security advisory (GHSA-737v-mqg7-c878), pull request #156, commit 3942bfbbcaa72084bd4284846c83bd61ed7c8b29, and release notes for v6.1.5.
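Both the NVD description and the analysis above describe the same mechanism: `Object.assign({}, defaults)` runs the `__proto__` setter, the copy's prototype becomes attacker-controlled, and `for...in` then carries the inherited keys past the `__proto__` guard. The following added example (not defu's source and not from the advisory) models that merge pattern in a few lines so the two copy strategies can be compared side by side. `mergeStep`, `makeDefu`, `defuVulnerable` and `defuFixed` are hypothetical names for this simplified model; the sample payload and defaults are constructed.

```javascript
// Added example (not defu's own source): a simplified model of the merge
// pattern described in the advisory, showing why Object.assign({}, defaults)
// is exploitable and why object spread is not. Names are hypothetical.

// Copy strategies. Object.assign uses [[Set]], so an own "__proto__" key on
// the source triggers the __proto__ setter on the fresh {}. Spread uses
// [[DefineOwnProperty]] and creates a harmless own data property instead.
const copyWithAssign = (defaults) => Object.assign({}, defaults);
const copyWithSpread = (defaults) => ({ ...defaults });

// One merge step modelled on the advisory's description of _defu: copy the
// defaults, then overlay the base object's keys, skipping an own "__proto__"
// key. for...in also visits inherited enumerable properties, which is the
// loophole: keys living on a polluted prototype are not named "__proto__".
function mergeStep(base, defaults, copy) {
  const object = copy(defaults);
  for (const key in base) {
    if (key === '__proto__') continue;
    const value = base[key];
    if (value === null || value === undefined) continue;
    object[key] = value;
  }
  return object;
}

// defu-style variadic merge: arguments reduce left to right starting from {}.
// The user-supplied object is therefore copied as "defaults" in the first step.
const makeDefu = (copy) => (...objects) =>
  objects.reduce((acc, next) => mergeStep(acc, next, copy), {});

const defuVulnerable = makeDefu(copyWithAssign); // models defu < 6.1.5
const defuFixed = makeDefu(copyWithSpread);      // models defu >= 6.1.5

// Constructed sample: a request body as JSON.parse delivers it, i.e. with an
// own property literally named "__proto__", merged over application defaults.
const UNTRUSTED_JSON = '{"__proto__": {"isAdmin": true}, "name": "guest"}';
const DEFAULTS = { isAdmin: false, name: 'anonymous' };

function demo() {
  const vulnerable = defuVulnerable(JSON.parse(UNTRUSTED_JSON), DEFAULTS);
  const fixed = defuFixed(JSON.parse(UNTRUSTED_JSON), DEFAULTS);
  return {
    vulnerableIsAdmin: vulnerable.isAdmin,            // true: default overridden
    fixedIsAdmin: fixed.isAdmin,                      // false: default kept
    fixedHasOwnProtoKey:
      Object.prototype.hasOwnProperty.call(fixed, '__proto__'), // false: guard dropped it
    globalPrototypeClean: ({}).isAdmin === undefined, // Object.prototype itself is untouched
  };
}

console.log(demo());
```

The pollution here is of the intermediate copy's own `[[Prototype]]`, not of the global `Object.prototype`, which is why the last field stays `true` in both cases; the integrity impact is that the attacker's values displace the application's defaults in the merged result, exactly as the CVSS vector (I:H) records. Swapping `copyWithAssign` for `copyWithSpread` is the whole of the 6.1.5 fix as the advisory describes it.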
Details
- CWE(s)