CVE-2026-1774 | THREATINT

Description

CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.

PUBLISHED Reserved 2026-02-02 | Published 2026-02-10 | Updated 2026-02-11 | Assigner certcc

Problem types

CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Product status

2.4.0 (custom)

affected

References

www.kb.cert.org/vuls/id/458422

github.com/stalniy/casl/tree/master/packages/casl-ability

cwe.mitre.org/data/definitions/1321.html

developer.mozilla.org/...ecurity/Attacks/Prototype_pollution

cve.org (CVE-2026-1774)

nvd.nist.gov (CVE-2026-1774)

Download JSON

help @ threatint.eu