CVE-2026-35209: defu: Prototype pollution via `__proto__` key in defaults argument
Applications that pass unsanitized user input (e.g. parsed JSON request bodies, database records, or config files from untrusted sources) as the first argument to defu() are vulnerable to prototype pollution.
A crafted payload containing a __proto__ key can override intended default values in the merged result:
```javascript
import { defu } from 'defu'
const userInput = JSON.parse('{"__proto__":{"isAdmin":true}}')
const config = defu(userInput, { isAdmin: false })
config.isAdmin // true — attacker overrides the server default
```
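The mitigation a practitioner wants here is to refuse or sanitize untrusted input before it reaches any defaults-merging call. The following is an added example, not code from the advisory or from the defu project: `findDangerousKeys` reports the paths of every own property named `__proto__`, `constructor` or `prototype` in a parsed JSON value (so a request can be rejected and the attempt logged), `stripDangerousKeys` returns a copy with those keys removed at every depth, and `mergeWithDefaults` is a hypothetical, deliberately unfiltered deep merge that stands in for the call site so the example runs offline; it is not defu's implementation. Note that `JSON.parse` creates `__proto__` as an ordinary own property, which is why the checks walk `Object.keys` rather than relying on `in`.

```javascript
// Added example (not from the advisory or the defu project).
// Keys that can reach Object.prototype when copied into a plain object.
const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Walk a parsed JSON value and return JSONPath-style locations of every own
// property whose name is in DANGEROUS_KEYS. Intended for request validation:
// an empty result means the body is safe to hand to a merge.
function findDangerousKeys(value, path = '$', found = []) {
  if (Array.isArray(value)) {
    value.forEach((item, i) => findDangerousKeys(item, `${path}[${i}]`, found));
  } else if (isPlainObject(value)) {
    for (const key of Object.keys(value)) {
      const childPath = `${path}.${key}`;
      if (DANGEROUS_KEYS.has(key)) found.push(childPath);
      findDangerousKeys(value[key], childPath, found);
    }
  }
  return found;
}

// Return a copy of the value with dangerous keys dropped at every depth.
// Use this when silently ignoring such keys is acceptable; prefer rejecting.
function stripDangerousKeys(value) {
  if (Array.isArray(value)) return value.map(stripDangerousKeys);
  if (!isPlainObject(value)) return value;
  const out = {};
  for (const key of Object.keys(value)) {
    if (DANGEROUS_KEYS.has(key)) continue;
    out[key] = stripDangerousKeys(value[key]);
  }
  return out;
}

// Hypothetical stand-in for the merge at the call site (NOT defu's code):
// input keys win over defaults, nested plain objects are merged recursively,
// and no key filtering is done, so safety depends on sanitizing the input first.
function mergeWithDefaults(input, defaults) {
  const result = Object.assign({}, defaults);
  for (const key of Object.keys(input)) {
    const v = input[key];
    const d = result[key];
    result[key] = isPlainObject(v) && isPlainObject(d) ? mergeWithDefaults(v, d) : v;
  }
  return result;
}

// Reject-on-detection variant: parse, validate, then merge.
function loadConfig(rawJson, defaults) {
  const parsed = JSON.parse(rawJson);
  const hits = findDangerousKeys(parsed);
  if (hits.length > 0) {
    throw new Error(`rejected untrusted input: prototype-polluting keys at ${hits.join(', ')}`);
  }
  return mergeWithDefaults(parsed, defaults);
}

// Demonstration with a constructed payload shaped like the advisory's example.
const untrustedBody = '{"__proto__":{"isAdmin":true},"theme":"dark"}';
console.log('dangerous keys:', findDangerousKeys(JSON.parse(untrustedBody))); // ['$.__proto__']
const safeConfig = mergeWithDefaults(stripDangerousKeys(JSON.parse(untrustedBody)), { isAdmin: false, theme: 'light' });
console.log('isAdmin after sanitizing:', safeConfig.isAdmin); // false
```

Rejecting (`loadConfig`) is the better default for request bodies, because a `__proto__` key in client-supplied JSON is itself a detection signal worth logging; stripping is for sources such as config files where a hard failure is not wanted.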