Middleapi Orpc vulnerabilities
2 known vulnerabilities affecting middleapi/orpc.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1
Vulnerabilities
CVE-2026-28794 | P2 | CRITICAL | CVSS 9.8 | fixed in 1.13.6 | 2026-03-06
CVE-2026-28794 [CRITICAL] CWE-1321
oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.6, a prototype pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject arbitrary properties into the global Object.prototyp
nvd
CVE-2026-33331 | P4 | MEDIUM | CVSS 5.4 | fixed in 1.13.9 | 2026-03-24
CVE-2026-33331 [MEDIUM] CWE-79
oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specification (such as info.description), they can break out of
nvd