CVE-2026-6621

HIGH 7.3

1024bit extend-deep index.js prototype pollution

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument __proto__ causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The code repository of the project has not been active for many years.

CWE	CWE-1321 CWE-94
Vendor	1024bit
Product	extend-deep
Published	Apr 20, 2026

Stay Ahead of the Next One

Get instant alerts for 1024bit extend-deep

Be the first to know when new high vulnerabilities affecting 1024bit extend-deep are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

1024bit / extend-deep

0.1.0 0.1.1 0.1.2 0.1.3 0.1.4 0.1.5 0.1.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/358256 vuldb.com: https://vuldb.com/vuln/358256/cti vuldb.com: https://vuldb.com/submit/792387 github.com: https://github.com/sudo-secure/security-research/blob/main/extend-deep/prototype-pollution/PoC.md

Credits

🔍 sudosme (VulDB User) VulDB CNA Team