CVE-2026-49252 | deepstreamIO deepstream.io up to 10.0.4 Send Message prototype pollution (GHSA-9v98-6g37-x9g6)

A vulnerability was found in deepstreamIO deepstream.io up to 10.0.4. It has been declared as critical. The impacted element is an unknown function of the component Send Message Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes.

This vulnerability is registered as CVE-2026-49252. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More