Vulnerability-Lookup

CVE-2026-28794 (GCVE-0-2026-28794)

Vulnerability from cvelistv5 – Published: 2026-03-06 05:02 – Updated: 2026-03-09 19:53

Title

oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization

Summary

oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.6, a prototype pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject arbitrary properties into the global Object.prototype. Because this pollution persists for the lifetime of the Node.js process and affects all objects, it can lead to severe security breaches, including authentication bypass, denial of service, and potentially Remote Code Execution. This issue has been patched in version 1.13.6.

Severity ?

9.3 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N

CWE

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/middleapi/orpc/security/adviso…	x_refsource_CONFIRM
	https://github.com/middleapi/orpc/commit/1dba06fc…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	middleapi	orpc	Affected: < 1.13.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28794",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-09T19:53:21.791713Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-09T19:53:35.764Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "orpc",
          "vendor": "middleapi",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.13.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.6, a prototype pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject arbitrary properties into the global Object.prototype. Because this pollution persists for the lifetime of the Node.js process and affects all objects, it can lead to severe security breaches, including authentication bypass, denial of service, and potentially Remote Code Execution. This issue has been patched in version 1.13.6."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-06T05:02:19.019Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/middleapi/orpc/security/advisories/GHSA-m272-9rp6-32mc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/middleapi/orpc/security/advisories/GHSA-m272-9rp6-32mc"
        },
        {
          "name": "https://github.com/middleapi/orpc/commit/1dba06fc6f938c2486de303c2fa096bc1c8418b5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/middleapi/orpc/commit/1dba06fc6f938c2486de303c2fa096bc1c8418b5"
        }
      ],
      "source": {
        "advisory": "GHSA-m272-9rp6-32mc",
        "discovery": "UNKNOWN"
      },
      "title": "oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-28794",
    "datePublished": "2026-03-06T05:02:19.019Z",
    "dateReserved": "2026-03-03T14:25:19.245Z",
    "dateUpdated": "2026-03-09T19:53:35.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-28794\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-06T05:16:40.297\",\"lastModified\":\"2026-03-10T19:48:05.813\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.6, a prototype pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject arbitrary properties into the global Object.prototype. Because this pollution persists for the lifetime of the Node.js process and affects all objects, it can lead to severe security breaches, including authentication bypass, denial of service, and potentially Remote Code Execution. This issue has been patched in version 1.13.6.\"},{\"lang\":\"es\",\"value\":\"oRPC es una herramienta que ayuda a construir APIs que son de tipo seguro de extremo a extremo y se adhieren a los est\u00e1ndares OpenAPI. Antes de la versi\u00f3n 1.13.6, existe una vulnerabilidad de contaminaci\u00f3n de prototipos en el deserializador JSON RPC del paquete @orpc/client. La vulnerabilidad permite a atacantes remotos no autenticados inyectar propiedades arbitrarias en el Object.prototype global. Debido a que esta contaminaci\u00f3n persiste durante la vida \u00fatil del proceso Node.js y afecta a todos los objetos, puede conducir a graves brechas de seguridad, incluyendo omisi\u00f3n de autenticaci\u00f3n, denegaci\u00f3n de servicio y potencialmente ejecuci\u00f3n remota de c\u00f3digo. Este problema ha sido parcheado en la versi\u00f3n 1.13.6.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:orpc:orpc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.13.6\",\"matchCriteriaId\":\"D29E8AD1-8425-4A68-BD81-0830EF0205E9\"}]}]}],\"references\":[{\"url\":\"https://github.com/middleapi/orpc/commit/1dba06fc6f938c2486de303c2fa096bc1c8418b5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/middleapi/orpc/security/advisories/GHSA-m272-9rp6-32mc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-28794\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-09T19:53:21.791713Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-09T19:53:31.304Z\"}}], \"cna\": {\"title\": \"oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization\", \"source\": {\"advisory\": \"GHSA-m272-9rp6-32mc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 9.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"middleapi\", \"product\": \"orpc\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.13.6\"}]}], \"references\": [{\"url\": \"https://github.com/middleapi/orpc/security/advisories/GHSA-m272-9rp6-32mc\", \"name\": \"https://github.com/middleapi/orpc/security/advisories/GHSA-m272-9rp6-32mc\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/middleapi/orpc/commit/1dba06fc6f938c2486de303c2fa096bc1c8418b5\", \"name\": \"https://github.com/middleapi/orpc/commit/1dba06fc6f938c2486de303c2fa096bc1c8418b5\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.6, a prototype pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject arbitrary properties into the global Object.prototype. Because this pollution persists for the lifetime of the Node.js process and affects all objects, it can lead to severe security breaches, including authentication bypass, denial of service, and potentially Remote Code Execution. This issue has been patched in version 1.13.6.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1321\", \"description\": \"CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-06T05:02:19.019Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-28794\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-09T19:53:35.764Z\", \"dateReserved\": \"2026-03-03T14:25:19.245Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-06T05:02:19.019Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-28794

Vulnerability from fkie_nvd - Published: 2026-03-06 05:16 - Updated: 2026-03-10 19:48

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/middleapi/orpc/commit/1dba06fc6f938c2486de303c2fa096bc1c8418b5	Patch
	security-advisories@github.com	https://github.com/middleapi/orpc/security/advisories/GHSA-m272-9rp6-32mc	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	orpc	orpc	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:orpc:orpc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D29E8AD1-8425-4A68-BD81-0830EF0205E9",
              "versionEndExcluding": "1.13.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.6, a prototype pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject arbitrary properties into the global Object.prototype. Because this pollution persists for the lifetime of the Node.js process and affects all objects, it can lead to severe security breaches, including authentication bypass, denial of service, and potentially Remote Code Execution. This issue has been patched in version 1.13.6."
    },
    {
      "lang": "es",
      "value": "oRPC es una herramienta que ayuda a construir APIs que son de tipo seguro de extremo a extremo y se adhieren a los est\u00e1ndares OpenAPI. Antes de la versi\u00f3n 1.13.6, existe una vulnerabilidad de contaminaci\u00f3n de prototipos en el deserializador JSON RPC del paquete @orpc/client. La vulnerabilidad permite a atacantes remotos no autenticados inyectar propiedades arbitrarias en el Object.prototype global. Debido a que esta contaminaci\u00f3n persiste durante la vida \u00fatil del proceso Node.js y afecta a todos los objetos, puede conducir a graves brechas de seguridad, incluyendo omisi\u00f3n de autenticaci\u00f3n, denegaci\u00f3n de servicio y potencialmente ejecuci\u00f3n remota de c\u00f3digo. Este problema ha sido parcheado en la versi\u00f3n 1.13.6."
    }
  ],
  "id": "CVE-2026-28794",
  "lastModified": "2026-03-10T19:48:05.813",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "LOW",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-06T05:16:40.297",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/middleapi/orpc/commit/1dba06fc6f938c2486de303c2fa096bc1c8418b5"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/middleapi/orpc/security/advisories/GHSA-m272-9rp6-32mc"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1321"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-M272-9RP6-32MC

Vulnerability from github – Published: 2026-03-02 21:43 – Updated: 2026-03-06 15:16

Summary

`@orpc/client` has Prototype Pollution via `StandardRPCJsonSerializer` Deserialization

Details

Summary

A critical Prototype Pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject arbitrary properties into the global Object.prototype. Because this pollution persists for the lifetime of the Node.js process and affects all objects, it can lead to severe security breaches, including authentication bypass, denial of service, and potentially Remote Code Execution.

Vulnerability Details

The root cause lies in the deserialize() method of StandardRPCJsonSerializer. When processing attacker-controlled path segments from the meta and maps arrays, the deserializer fails to implement validation or sanitization for dangerous JavaScript object keys, specifically __proto__ and constructor:

https://github.com/middleapi/orpc/blob/819ed2e0897b18a5d6a4ca85ba68568f055004a1/packages/client/src/adapters/standard/rpc-json-serializer.ts#L137-L213

There are two primary distinct write vectors available to an attacker:

The meta vector: Writes type-constrained values (e.g., Map, Set, Date) to arbitrary object paths.
The maps vector: Allows the injection of arbitrary string values. This occurs because the return value of getBlob(i) (which relies on FormData.get(i.toString())) is cast as Blob. Since this is strictly a TypeScript compile-time cast, the runtime execution allows standard text fields to return as arbitrary strings.

Crucially, this deserialization process occurs at the very beginning of the request lifecycle before any Zod schema validation takes place. Consequently, a malicious payload will successfully pollute the prototype even if the request is subsequently rejected by the validation layer.

This issue impacts all server adapters utilizing the RPC protocol.

Proof of Concept

To reproduce the vulnerability, set up the playgrounds/astro environment and start the development server using pnpm dev.

Run the following curl command to send a crafted payload:

curl -X POST http://localhost:4321/rpc/planet/create \
     -F 'data={"json":{},"meta":[],"maps":[["__proto__","role"]]}' \
     -F '0=admin'

Result: The deserializer evaluates maps, follows the __proto__ path, and maps index 0 to the string "admin". This immediately applies Object.prototype.role = "admin" across the entire Node.js server instance.

Impact

Servers relying on StandardRPCJsonSerializer for deserialization are immediately susceptible to global prototype pollution. The potential impacts including:

Privilege Escalation / Authorization Bypass: Attackers can bypass flawed security checks. For example, if the server relies on a defaulted property check like if (user.role === "admin"), the application will evaluate this as true for all users globally.
Remote Code Execution: If the application or its dependencies contain susceptible prototype pollution gadgets (e.g., dynamically executing shell commands or scripts based on object properties), this vulnerability can be leveraged into full RCE.
Denial of Service: Attackers can overwrite built-in methods (e.g., toString) or set objects into unexpected states, causing the application to crash or throw unhandled exceptions globally.

Severity ?

9.3 (Critical)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.13.5"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@orpc/client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.13.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-28794"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-02T21:43:00Z",
    "nvd_published_at": "2026-03-06T05:16:40Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\nA critical Prototype Pollution vulnerability exists in the RPC JSON deserializer of the `@orpc/client` package. The vulnerability allows unauthenticated, remote attackers to inject arbitrary properties into the global `Object.prototype`. Because this pollution persists for the lifetime of the Node.js process and affects all objects, it can lead to severe security breaches, including authentication bypass, denial of service, and potentially Remote Code Execution.\n\n### Vulnerability Details\nThe root cause lies in the `deserialize()` method of `StandardRPCJsonSerializer`. When processing attacker-controlled path segments from the `meta` and `maps` arrays, the deserializer fails to implement validation or sanitization for dangerous JavaScript object keys, specifically `__proto__` and `constructor`:\n\nhttps://github.com/middleapi/orpc/blob/819ed2e0897b18a5d6a4ca85ba68568f055004a1/packages/client/src/adapters/standard/rpc-json-serializer.ts#L137-L213\n\nThere are two primary distinct write vectors available to an attacker:\n\n1. The `meta` vector: Writes type-constrained values (e.g., `Map`, `Set`, `Date`) to arbitrary object paths.\n2. The `maps` vector: Allows the injection of arbitrary string values. This occurs because the return value of `getBlob(i)` (which relies on `FormData.get(i.toString())`) is cast `as Blob`. Since this is strictly a TypeScript compile-time cast, the runtime execution allows standard text fields to return as arbitrary strings.\n\nCrucially, this deserialization process occurs at the very beginning of the request lifecycle before any Zod schema validation takes place. Consequently, a malicious payload will successfully pollute the prototype even if the request is subsequently rejected by the validation layer.\n\nThis issue impacts all server adapters utilizing the RPC protocol.\n\n### Proof of Concept\nTo reproduce the vulnerability, set up the [playgrounds/astro](https://github.com/middleapi/orpc/tree/main/playgrounds/astro) environment and start the development server using `pnpm dev`. \n\nRun the following `curl` command to send a crafted payload:\n\n```bash\ncurl -X POST http://localhost:4321/rpc/planet/create \\\n     -F \u0027data={\"json\":{},\"meta\":[],\"maps\":[[\"__proto__\",\"role\"]]}\u0027 \\\n     -F \u00270=admin\u0027\n```\n\nResult: The deserializer evaluates `maps`, follows the `__proto__` path, and maps index `0` to the string `\"admin\"`. This immediately applies `Object.prototype.role = \"admin\"` across the entire Node.js server instance. \n\n### Impact\nServers relying on `StandardRPCJsonSerializer` for deserialization are immediately susceptible to global prototype pollution. The potential impacts including:\n\n- Privilege Escalation / Authorization Bypass: Attackers can bypass flawed security checks. For example, if the server relies on a defaulted property check like `if (user.role === \"admin\")`, the application will evaluate this as `true` for all users globally.\n- Remote Code Execution: If the application or its dependencies contain susceptible prototype pollution gadgets (e.g., dynamically executing shell commands or scripts based on object properties), this vulnerability can be leveraged into full RCE.\n- Denial of Service: Attackers can overwrite built-in methods (e.g., `toString`) or set objects into unexpected states, causing the application to crash or throw unhandled exceptions globally.",
  "id": "GHSA-m272-9rp6-32mc",
  "modified": "2026-03-06T15:16:22Z",
  "published": "2026-03-02T21:43:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/middleapi/orpc/security/advisories/GHSA-m272-9rp6-32mc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28794"
    },
    {
      "type": "WEB",
      "url": "https://github.com/middleapi/orpc/commit/1dba06fc6f938c2486de303c2fa096bc1c8418b5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/middleapi/orpc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "`@orpc/client` has Prototype Pollution via `StandardRPCJsonSerializer` Deserialization"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-28794 (GCVE-0-2026-28794)

FKIE_CVE-2026-28794

GHSA-M272-9RP6-32MC

Summary

Vulnerability Details

Proof of Concept

Impact

Tags

Sightings

Nomenclature