CVE-2026-49252

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.9 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L                                    

Vulnerability Description

deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are vulnerable to Prototype Pollution. Exploitation can lead to potential privilege escalation from any authenticated user with write permission to any record. This issue has been fixed in version 10.0.5.

Vulnerability Details

Published Date

June 18, 2026

Last Modified

June 18, 2026

CWE ID

CWE-1321

Source

NVD

Vendor

deepstreamIO

Product

deepstream.io

External References

https://github.com/deepstreamIO/deepstream.io/commit/54b8e2958a98df444b5b5d9a66e22872afd84e44
https://github.com/deepstreamIO/deepstream.io/security/advisories/GHSA-9v98-6g37-x9g6

CVE-2026-49252

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment