2 matches found
CVE-2026-44646
LiquidJS CVE-2026-44646: TheContext.spawn() path used by {% render %} creates a child Context without propagating the parent’s resolved ownPropertyOnly value, causing per-render overrides to be discarded inside partials. This enables prototype-chain property access in rendered partials when top-l...
@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +95 more potentially affected by CVE-2026-44646 via liquidjs (>=10.10.0 <=10.25.7)
liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0, =1.0.0-beta.5 - @clairview/api =23.1.0 and more Source cves: CVE-2026-44646 Source advisory: OSV:GHSA-9X9P-QF8F-MVJG...