Lucene search
K

5 matches found

CVE
CVE
added 2026/04/24 9:4 p.m.72 views

CVE-2026-41248

The CVE-2026-41248 affects Clerk JavaScript repositories: createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by crafted requests, bypassing middleware gating and reaching downstream handlers. Affected fixes are: @clerk/astro 1.5.7, 2.17.10, 3.0.15; @clerk/nextjs 5....

9.1CVSS5.3AI score0.00323EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/16 9:28 p.m.8 views

@builder-builder/builder (>=0.0.7 <=0.0.27), @carrierllc/mcp (>=0.2.0 <=0.2.17) +78 more potentially affected by CVE-2026-41248 via @clerk/shared (>=4.0.0 <=4.8.1-canary.v20260415142102)

@clerk/shared NPM version =4.0.0, =0.0.7, =0.2.0, =0.2.5-canary-core3.v20251124105058, =3.0.0, =3.0.0, =3.0.0, =5.68.0-snapshot.v20250528192432, =3.0.0, =1.0.0, =2.0.0, =2.6.5-canary-core3.v20251124105058, =0.0.2, =4.0.0, =7.0.0, =2.0.0, =2.6.2-canary.v20260611003803 and more Source cves:...

9.1CVSS5.7AI score0.00323EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 9:28 p.m.8 views

@bentwnghk/chat (>=1.45.5 <=1.45.6), @clerk/elements (=0.0.2-snapshot.vc65ad98) +3 more potentially affected by CVE-2026-41248 via @clerk/nextjs (>=5.0.1-snapshot.vc65ad98 <=5.7.5)

@clerk/nextjs NPM version =5.0.1-snapshot.vc65ad98, =1.45.5, =1.2.8, =1.2.9 - @spike-npm-land/code =0.9.55 - spark-strand-login =1.0.1 Source cves: CVE-2026-41248 Source advisory: SNYK:JS-CLERKNEXTJS-16098250...

9.1CVSS5.8AI score0.00323EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 9:28 p.m.9 views

@aurora-nexus/aurora-nexus-design-system (=0.2.0), @fireproof/core-protocols-dashboard (>=0.24.3-dev-20261224 <=0.24.12) +6 more potentially affected by CVE-2026-41248 via @clerk/shared (>=3.36.0 <=3.45.1)

@clerk/shared NPM version =3.36.0, =0.24.3-dev-20261224, =0.24.3-dev-20261224, =0.24.3-dev-20261224, =0.0.14, =0.18.25-dev, =0.24.3-dev-20261224, =0.18.25-dev, =0.18.28-dev Source cves: CVE-2026-41248 Source advisory: OSV:GHSA-VQX2-FGX2-5WQ9...

9.1CVSS5.8AI score0.00323EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 9:28 p.m.9 views

ngx-clerk-iliad (=0.2.8), ngx-clerk-imok (>=0.2.8 <=0.3.5) potentially affected by CVE-2026-41248 via @clerk/shared (=2.20.6)

@clerk/shared NPM version =2.20.6 is affected by a known vulnerability. The following packages have a transitive dependency on @clerk/shared and may be impacted: - ngx-clerk-iliad =0.2.8 - ngx-clerk-imok =0.2.8, =0.3.5 Source cves: CVE-2026-41248 Source advisory: OSV:GHSA-VQX2-FGX2-5WQ9...

9.1CVSS5.8AI score0.00323EPSS
Exploits0
Rows per page
Query Builder