CVE-2026-59880 | immutable-js Immutable.js up to 4.3.8/5.1.7 HashCollisionNode obj resource consumption

SecurityVulns

A vulnerability was found in immutable-js Immutable.js up to 4.3.8/5.1.7. It has been declared as problematic. Impacted is the function Immutable.Map/Immutable.fromJS/state.merge/mergeDeep of the file Immutable.js of the component HashCollisionNode. Executing a manipulation of the argument obj can lead to resource consumption.

This vulnerability is tracked as CVE-2026-59880. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More