CVE-2026-31865
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/03/2026
Last modified:
18/03/2026
Description
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. `__proto__`. This issue is patched in 1.4.27. As a workaround, use t.Cookie validation to enforce validation value and/or prevent iterable over cookie if possible.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM