This page collects WhisperX intelligence signals tagged #CVE-2026-35209. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A high-severity prototype pollution vulnerability (CVE-2026-35209 / GHSA-737v-mqg7-c878) in the `defu` library has triggered a forced dependency override within the Nuxt.js framework's development toolchain. The vulnerability, present in `defu` version 6.1.4, was discovered in a transitive dependency used by `@hey-api/...
A critical prototype pollution vulnerability in the `defu` library, tracked as CVE-2026-35209, has been patched in a recent server update. The flaw, present in `defu` versions 6.1.4 and earlier, could be exploited via a malicious `__proto__` key, potentially allowing attackers to modify an object's prototype and execut...