CVE-2026-49252
Published 2026-06-18
Priority: P263
Severity: critical, 9.9 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
EPSS: 0.27% (18.6th percentile)
deepstream is a server that allows clients and backend services to sync data, send messages and make RPCs at scale. Versions prior to 10.0.5 are vulnerable to Prototype Pollution. Exploitation can lead to privilege escalation by any authenticated user with write permission to any record. This issue has been fixed in version 10.0.5.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| deepstream | server | >= 0 < 10.0.5 | 10.0.5 |
| deepstreamio | deepstream.io | < 10.0.5 | 10.0.5 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-18: Published