Description
deepstream is a server that allows clients and backend services to sync data, send messages and make RPCs at scale. Versions prior to 10.0.5 are vulnerable to Prototype Pollution. Exploitation can potentially lead to privilege escalation by any authenticated user with write permission to any record. This issue has been fixed in version 10.0.5.
References (2)
x_refsource_confirm
https://github.com/deepstreamIO/deepstream.io/security/advisories/GHSA-9v98-6g37-x9g6
x_refsource_misc
https://github.com/deepstreamIO/deepstream.io/commit/54b8e2958a98df444b5b5d9a66e22872afd84e44
Scores
CVSS v3
9.9
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Details
CWE
CWE-1321
Status
published
Products (1)
deepstreamIO/deepstream.io
< 10.0.5
Published
Jun 18, 2026
Tracked Since
Jun 19, 2026