CVE-2026-22028 | preactjs preact up to 10.26.9/10.27.2/10.28.1 JSON type confusion

A vulnerability classified as critical has been found in preactjs preact up to 10.26.9/10.27.2/10.28.1. The affected element is an unknown function of the component JSON Handler. The manipulation leads to type confusion.

This vulnerability is referenced as CVE-2026-22028. Remote exploitation of the attack is possible. No exploit is available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More