CVE-2026-1774: CASL Ability is Vulnerable to Prototype Pollution
CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.
References
- cwe.mitre.org/data/definitions/1321.html
- developer.mozilla.org/en-US/docs/Web/Security/Attacks/Prototype_pollution
- github.com/advisories/GHSA-x9vf-53q3-cvx6
- github.com/stalniy/casl
- github.com/stalniy/casl/commit/39da920ec1dfadf3655e28bd0389e960ac6871f4
- github.com/stalniy/casl/pull/1093
- github.com/stalniy/casl/tree/master/packages/casl-ability
- nvd.nist.gov/vuln/detail/CVE-2026-1774
- www.kb.cert.org/vuls/id/458422