CVE-2026-59880
Immutable.js contains a HashCollision vulnerability in Map/Set keys prior to version 4.3.9 and 5.1.8: an adversary who controls inserted keys can craft many hash collisions in a HashCollisionNode, causing linear scans and CPU exhaustion during insertion and lookup. The issue is fixed in 4.3.9 and...