CVE-2026-49252NVD

Vulnerability Summary

deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are vulnerable to Prototype Pollution. Exploitation can lead to potential privilege escalation from any authenticated user with write permission to any record. This issue has been fixed in version 10.0.5.

Severity Level

CRITICAL(9.9)

Published Date

Jun 18, 2026

Last Modified

Jun 18, 2026

Exploitation Status

No confirmed exploitation yet

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityLow

External References

https://github.com/deepstreamIO/deepstream.io/security/advisories/GHSA-9v98-6g37-x9g6
https://github.com/deepstreamIO/deepstream.io/commit/54b8e2958a98df444b5b5d9a66e22872afd84e44

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-49252NVD

Vulnerability Summary

External References