CVE-2026-24888

Maker.js (makerjs.extendObject) is vulnerable to unsafe property copying. The function iterates with for...in without hasOwnProperty() checks and fails to filter dangerous keys, enabling inherited or crafted properties (e.g., proto ) to be copied to targets. This prototype-pollution risk is docum...