CVE-2026-42077 Overview
CVE-2026-42077 is a prototype pollution vulnerability in Evolver, a GEP-powered self-evolving engine for AI agents. The flaw exists in the mailbox store module of versions prior to 1.69.3. The _applyUpdate() and _updateRecord() functions use Object.assign() to merge user-controlled data without filtering dangerous keys such as __proto__, constructor, and prototype. Attackers with local access and high privileges can inject malicious properties into Object.prototype, modifying the behavior of all JavaScript objects in the runtime. The maintainers patched the issue in version 1.69.3. The weakness is tracked under CWE-1321: Improperly Controlled Modification of Object Prototype Attributes.
Critical Impact
Successful exploitation pollutes Object.prototype across the Evolver runtime, enabling tampering with object behavior, potential logic bypass, and process-level denial of service.
Affected Products
- Evolver versions prior to 1.69.3
- Evolver mailbox store module (_applyUpdate() and _updateRecord() functions)
- Applications embedding the vulnerable Evolver runtime for AI agent orchestration
Discovery Timeline
- 2026-05-04 - CVE-2026-42077 published to NVD
- 2026-05-06 - Last updated in NVD database
Technical Details for CVE-2026-42077
Vulnerability Analysis
The vulnerability resides in the Evolver mailbox store module, which persists and updates record state for AI agent message handling. The _applyUpdate() and _updateRecord() functions accept arbitrary key-value input and pass it directly to Object.assign(). Because Object.assign() performs ordinary property assignment, a source key of __proto__ is handled by the __proto__ accessor rather than stored as an own property, allowing writes to reach Object.prototype. Once polluted, every object instantiated in the runtime inherits the injected properties. This can corrupt control-flow checks, override security-relevant defaults, and trigger crashes when objects encounter unexpected inherited members. The CWE-1321 classification reflects the absence of key filtering before merge operations.
Root Cause
The root cause is missing input sanitization on object keys prior to merge. Neither _applyUpdate() nor _updateRecord() rejects reserved keys like __proto__, constructor, or prototype. Because Object.assign() applies no protection against prototype keys, supplying a JSON payload such as { "__proto__": { "polluted": true } } writes through to the global prototype.
Attack Vector
Exploitation requires local access and high privileges, with no user interaction. An attacker who can submit crafted update payloads to the mailbox store module triggers the merge path. The high attack complexity reflects the constrained interface for delivering the malicious key. The impact spans confidentiality, integrity, and availability, with availability affected most significantly because polluted prototypes commonly induce process crashes.
The vulnerability manifests when user-controlled data containing __proto__ keys reaches Object.assign() without filtering. See GitHub Security Advisory GHSA-2cjr-5v3h-v2w4 for technical details.
Detection Methods for CVE-2026-42077
Indicators of Compromise
- Mailbox store update payloads containing the literal keys __proto__, constructor, or prototype in JSON bodies.
- Unexpected properties appearing on otherwise-empty objects in Evolver runtime logs or memory dumps.
- Node.js process crashes or assertion failures originating from _applyUpdate() or _updateRecord() call frames.
Detection Strategies
- Inspect application logs for serialized inputs containing __proto__, constructor.prototype, or escaped variants such as \u005f\u005fproto\u005f\u005f (the JSON-escaped form of __proto__).
- Add runtime guards that hash Object.prototype key sets at startup and alert on drift.
- Review version metadata across Evolver deployments to identify hosts running releases below 1.69.3.
Monitoring Recommendations
- Forward Evolver and Node.js process logs to a centralized analytics platform and alert on prototype-related crash signatures.
- Monitor mailbox store API calls for anomalous payload structures and unusual key names.
- Track package inventories with software composition analysis tooling to flag vulnerable Evolver versions in CI/CD pipelines.
How to Mitigate CVE-2026-42077
Immediate Actions Required
- Upgrade Evolver to version 1.69.3 or later in all environments running the mailbox store module.
- Restrict local access to hosts running Evolver and audit accounts holding high privileges on those systems.
- Review historical mailbox update payloads for prior exploitation attempts containing prototype-related keys.
Patch Information
The maintainers released the fix in Evolver v1.69.3. The patch adds key filtering in _applyUpdate() and _updateRecord() to reject __proto__, constructor, and prototype before invoking Object.assign(). Refer to the GitHub Security Advisory GHSA-2cjr-5v3h-v2w4 for the complete advisory.
Workarounds
- Wrap mailbox store inputs with a sanitizer that strips __proto__, constructor, and prototype keys before they reach merge functions.
- Replace Object.assign() usage in custom forks with Object.create(null) targets or a vetted deep-merge library that blocks prototype keys.
- Run the Node.js process with --disable-proto=delete to remove the __proto__ accessor from Object.prototype.
# Configuration example
npm install evolver@1.69.3
node --disable-proto=delete server.js
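The sanitizer workaround above and the runtime prototype-drift guard from the detection section, as one added example (not Evolver's code; the function names, the record shape and the sample payload are constructed for illustration):

```javascript
// Added example, not from the Evolver project. Keys that must never be merged.
const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Recursively copy `update` onto prototype-less objects, dropping dangerous keys at
// every depth and collecting the dropped names so they can be logged as an IoC.
function sanitizeUpdate(update, dropped = []) {
  if (update === null || typeof update !== 'object') return update;
  if (Array.isArray(update)) return update.map((v) => sanitizeUpdate(v, dropped));
  const clean = Object.create(null);
  for (const key of Object.keys(update)) {
    if (DANGEROUS_KEYS.has(key)) { dropped.push(key); continue; }
    clean[key] = sanitizeUpdate(update[key], dropped);
  }
  return clean;
}

// Hardened stand-in for the advisory's _updateRecord() pattern: only sanitized own keys
// are written, and defineProperty is used so the __proto__ setter is never invoked.
function applyUpdateSafe(record, rawUpdate) {
  const dropped = [];
  const clean = sanitizeUpdate(rawUpdate, dropped);
  for (const key of Object.keys(clean)) {
    Object.defineProperty(record, key,
      { value: clean[key], writable: true, enumerable: true, configurable: true });
  }
  return { record, dropped };
}

// Runtime guard: snapshot Object.prototype's own property names at startup and
// report any names that appear later (drift means something polluted the prototype).
function snapshotPrototypeKeys() {
  return new Set(Object.getOwnPropertyNames(Object.prototype));
}
function prototypeDrift(baseline, current = snapshotPrototypeKeys()) {
  return [...current].filter((k) => !baseline.has(k)).sort();
}

// Constructed sample body, parsed the way a JSON update payload would be (JSON.parse
// creates "__proto__" as an ordinary own property, which is what the sanitizer removes).
const SAMPLE_PAYLOAD = JSON.parse(
  '{"subject":"hello","__proto__":{"polluted":true},' +
  '"meta":{"constructor":{"prototype":{"isAdmin":true}},"tag":"x"}}');

function demo() {
  const baseline = snapshotPrototypeKeys();
  const { record, dropped } = applyUpdateSafe({ id: 7 }, SAMPLE_PAYLOAD);
  return { record, dropped, drift: prototypeDrift(baseline), freshPolluted: ({}).polluted };
}
```

Run the guard check periodically or on a health endpoint; a non-empty drift list is the alert condition described in the detection section.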
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.