CVE-2026-1774: Critical CASL Prototype Pollution Flaw Enables Remote Privilege Escalation in Node.js Applications

Overview

CVE ID: CVE-2026-1774
Component: @casl/ability (CASL Authorization Library)
Vulnerability Type: Prototype Pollution (CWE-1321)
CVSS v3.1 Score: 9.8 (Critical)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Exploitability: High (low-complexity input manipulation)
Public Exploit Availability: No widely weaponized exploit published at time of writing; vulnerability is trivially testable in affected environments

This vulnerability affects the CASL authorization library used in Node.js applications for access control enforcement. Improper handling of object property paths in specific utility functions allows attacker-controlled input to modify the JavaScript prototype chain.


Affected Versions

@casl/ability versions:

  • 2.4.0 through 6.7.4

Fixed Version

Upgrade to:

6.7.5 or later

Official project link (patch source and release details):
https://github.com/stalniy/casl/tree/master/packages/casl-ability

Immediate upgrade is strongly recommended.


Technical Description

The issue exists in internal logic that sets object properties dynamically using path-based keys. When untrusted input is passed into functions responsible for mapping rule fields (such as path setters), special property names are not properly sanitized.

JavaScript objects inherit from Object.prototype. If special keys such as:

  • __proto__
  • constructor
  • prototype

are accepted and written using dynamic setters, the global prototype chain can be modified.

This results in prototype pollution: the injected properties become visible, through inheritance, on every object in the process that inherits from Object.prototype.

Example impact:

If an application checks:

if (user.isAdmin) { ... }

And an attacker pollutes:

Object.prototype.isAdmin = true

Then every object lacking its own isAdmin property may evaluate as true.

This turns a simple data handling flaw into:

  • Authorization bypass
  • Privilege escalation
  • Business logic manipulation
  • Potential denial-of-service
  • In chained scenarios, remote code execution (context dependent)

Root Cause

Improper validation of user-controlled keys in dynamic object property assignment functions.

Specifically:

  • Lack of filtering for dangerous prototype keys
  • No explicit denylist enforcement
  • Unsafe merging or path-based property writing

The vulnerability manifests when application code passes user input into CASL rule processing without strict input validation.
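As an added illustration of the mechanism described above and in Root Cause (example code, not CASL's implementation and not from the advisory), a minimal dotted-path setter of the kind the description refers to, beside a hardened version; the function names, the path format and the isAdmin property are assumptions for the example:

```javascript
// Illustrative dotted-path setter (an assumption for this example, NOT CASL's code):
// writes value at "a.b.c" on target, creating intermediate objects as it goes.
function setByPathUnsafe(target, path, value) {
  const parts = path.split(".");
  let cur = target;
  for (let i = 0; i < parts.length - 1; i++) {
    if (cur[parts[i]] === undefined) cur[parts[i]] = {};
    cur = cur[parts[i]]; // for "__proto__" this is Object.prototype; for "constructor" it is Object
  }
  cur[parts[parts.length - 1]] = value;
  return target;
}

// Hardened variant: refuse the three keys that reach the prototype chain, and only
// descend into own properties, creating prototype-less intermediate objects.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function setByPathSafe(target, path, value) {
  const parts = path.split(".");
  for (const part of parts) {
    if (FORBIDDEN_KEYS.has(part)) throw new Error("forbidden key in path: " + part);
  }
  let cur = target;
  for (let i = 0; i < parts.length - 1; i++) {
    if (!Object.prototype.hasOwnProperty.call(cur, parts[i])) cur[parts[i]] = Object.create(null);
    cur = cur[parts[i]];
  }
  cur[parts[parts.length - 1]] = value;
  return target;
}

// Shows the effect of the unsafe setter on an unrelated object, then removes the
// injected property so the rest of the process is not left polluted.
function demonstratePollution() {
  setByPathUnsafe({}, "__proto__.isAdmin", true);
  const leaked = ({}).isAdmin === true;   // an object that never defined isAdmin now reports true
  delete Object.prototype.isAdmin;        // cleanup; in production only a restart is trustworthy
  return { leaked, cleanedUp: ({}).isAdmin === undefined };
}
```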


Attack Scenario

  1. An attacker identifies an endpoint that accepts JSON data used to build CASL ability rules.
  2. Crafted JSON payload containing __proto__ or constructor.prototype is submitted.
  3. The vulnerable setter function writes attacker-controlled data into Object.prototype.
  4. Subsequent authorization logic reads polluted properties.
  5. Privileged actions become accessible.

No authentication is required if the vulnerable endpoint is exposed.


Proof of Concept (Educational)

The following payload demonstrates prototype pollution testing. Use only in controlled environments.

Payload Variant 1 – __proto__

{
  "__proto__": {
    "isAdmin": true
  }
}

Payload Variant 2 – constructor.prototype

{
  "constructor": {
    "prototype": {
      "isAdmin": true
    }
  }
}

Verification Method

After sending payload:

  • Perform a normal request.
  • Observe if authorization logic behaves differently.
  • Check whether previously unauthorized endpoints are now accessible.
  • Inspect runtime:
      console.log({}.isAdmin);

If true, prototype pollution has occurred.


Exploitation Impact

Privilege Escalation

Authorization checks relying on object properties may be bypassed.

Business Logic Abuse

Access control rules may be modified indirectly.

Denial of Service

Unexpected property types may trigger runtime exceptions.

Security Boundary Collapse

Global object modification may affect unrelated modules.

Chained Exploitation

If polluted properties influence command execution or deserialization logic, escalation to remote code execution may be possible depending on application architecture.


MITRE ATT&CK Mapping

  • T1068 – Exploitation for Privilege Escalation
  • T1190 – Exploit Public-Facing Application
  • TA0004 – Privilege Escalation
  • TA0001 – Initial Access

Detection

Indicators of Compromise

  • HTTP requests containing __proto__, constructor, or prototype keys
  • Unexpected admin privileges granted
  • Authorization logic returning true unexpectedly
  • New properties appearing on global objects
  • Application instability after suspicious requests

Log Sources

  • Application logs (Node.js runtime logs)
  • API gateway logs
  • Reverse proxy logs (NGINX, Apache)
  • Web Application Firewall logs
  • SIEM ingestion logs
  • Node.js process monitoring
  • EDR telemetry

Detection Rules

Splunk Query

index=web_logs
(method=POST OR method=PUT OR method=PATCH)
(".__proto__" OR "\"__proto__\"" OR "\"constructor\"" OR "\"prototype\"")
| stats count by src_ip, uri, user_agent
| where count > 2

Elastic KQL

http.request.method:(POST OR PUT OR PATCH) AND 
(http.request.body:*__proto__* OR http.request.body:*"constructor"* OR http.request.body:*"prototype"*)

Generic Regex Pattern

/"(__proto__|constructor"\s*:\s*{\s*"prototype|prototype)"\s*:/i

ModSecurity Rule

SecRule REQUEST_BODY "(?:__proto__|\"constructor\"\s*:\s*{\s*\"prototype\")" \
"id:100500,phase:2,deny,log,status:403,msg:'Prototype pollution attempt detected'"

Suricata Rule Concept

alert http any any -> any any (msg:"Prototype Pollution Attempt"; content:"__proto__"; http_client_body; sid:900001;)

Detection at Application Layer

Add middleware validation:

function validateInput(obj) {
  const forbidden = ["__proto__", "constructor", "prototype"];
  if (obj === null || typeof obj !== "object") return; // primitives carry no keys
  for (const key of Object.keys(obj)) {   // own keys, including an own "__proto__" produced by JSON.parse
    if (forbidden.includes(key)) {
      throw new Error("Invalid property detected: " + key);
    }
    validateInput(obj[key]);              // recurse so nested objects and arrays are checked too
  }
}

Implement before passing input into CASL logic.


Hardening Recommendations

  1. Upgrade immediately to 6.7.5 or later.
  2. Validate all incoming JSON payloads.
  3. Implement denylist filtering for prototype keys.
  4. Use Object.create(null) for sensitive object creation where possible.
  5. Freeze global prototypes in hardened environments:
       Object.freeze(Object.prototype);
  6. Conduct code review for any dynamic property setters.
  7. Add security tests for prototype pollution in CI/CD.
  8. Enable dependency scanning in build pipeline.
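An added example of the CI security test recommended in the hardening list, which also generalizes the Verification Method above from a single console.log into a snapshot comparison of Object.prototype (example code, not part of the advisory). buildRulesNaive is a hypothetical stand-in for application code that merges request JSON into a rules object and is not CASL's implementation; the payload strings are constructed from the advisory's two variants plus a benign rule:

```javascript
// Hypothetical stand-in for application code that merges request JSON into a rules
// object (an assumption for this example, NOT CASL's implementation). It has the
// classic defect: it descends into inherited properties such as __proto__ and constructor.
function buildRulesNaive(base, input) {
  for (const key of Object.keys(input)) {       // JSON.parse yields an own "__proto__" key
    const v = input[key];
    if (v !== null && typeof v === "object" && !Array.isArray(v)) {
      if (base[key] === undefined) base[key] = {};
      buildRulesNaive(base[key], v);            // base["__proto__"] is Object.prototype
    } else {
      base[key] = v;
    }
  }
  return base;
}

// Constructed sample payloads: a benign rule plus the advisory's two variants.
const PAYLOADS = {
  benign: '{"action":"read","subject":"Post","conditions":{"authorId":7}}',
  proto:  '{"__proto__":{"isAdmin":true}}',
  ctor:   '{"constructor":{"prototype":{"isAdmin":true}}}',
};

// Own properties of Object.prototype and their current values.
function snapshotProto() {
  const snap = new Map();
  for (const name of Object.getOwnPropertyNames(Object.prototype)) snap.set(name, Object.prototype[name]);
  return snap;
}

// Runs one payload through buildFn and reports whether Object.prototype gained or
// changed any property. Added properties are deleted afterwards so the test process
// stays clean; a buildFn that throws (e.g. after denylist validation) counts as rejected.
function checkForPollution(buildFn, payloadJson) {
  const before = snapshotProto();
  let rejected = false;
  try { buildFn({}, JSON.parse(payloadJson)); } catch (e) { rejected = true; }
  const after = snapshotProto();
  const added = [...after.keys()].filter((k) => !before.has(k));
  const changed = [...before.keys()].filter((k) => after.get(k) !== before.get(k));
  for (const k of added) delete Object.prototype[k];
  return { polluted: added.length > 0 || changed.length > 0, rejected, added, changed };
}
```

In a pipeline, pass the real rule-building function in place of buildRulesNaive and fail the build whenever polluted is true for any payload.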

Incident Response Considerations

If exploitation is suspected:

  • Restart affected Node.js processes.
  • Clear memory state (pollution persists until process restart).
  • Rotate credentials if privilege escalation occurred.
  • Review access logs for unauthorized activity.
  • Patch and redeploy immediately.

Risk Assessment

Due to:

  • No authentication requirement
  • Remote attack surface
  • Low complexity
  • High impact on authorization logic

This vulnerability must be treated as Critical in production systems exposing CASL-based authorization through API endpoints.

Applications handling financial data, administrative operations, or multi-tenant access control are especially high risk.


Final Takeaway

CVE-2026-1774 is a critical prototype pollution vulnerability in @casl/ability that can allow attackers to manipulate global object properties and bypass authorization logic.

Although no widespread weaponized exploit is currently circulating, exploitation is technically straightforward in vulnerable environments.

Immediate upgrade to version 6.7.5 or later is required.

Official patch source:
https://github.com/stalniy/casl/tree/master/packages/casl-ability


Aegiron