CVE ID :CVE-2026-46510 Published : May 29, 2026, 2:16 p.m. | 30 minutes ago Description :form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys (e.g. name[sub]) into nested objects without filtering __proto__, constructor, or prototype. A single HTTP form field whose name starts with __proto__[...] causes the library to mutate Object.prototype, which is a prototype pollution primitive of the entire Node.js process. This vulnerability is fixed in 1.0.1. Severity: 8.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...