Intel

AIKIDO-2026-34284

lexical is vulnerable to Prototype Pollution

Prototype Pollution Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Jul 1, 2026

42

Medium Risk

This Affects:

JSlexical
0.26.0 - 0.45.0
Fixed in 0.46.0
Are you affected? Scan for Free

TL;DR

The lexical core editor preserves unknown node-state entries when deserializing serialized editor state. The deserialization path writes keys directly from the parsed JSON, so a crafted payload using a __proto__ key can re-parent the internal state record. Because state lookups resolve keys with the in operator, which walks the prototype chain, this lets an attacker inject state values that override the defaults. The fix skips __proto__, constructor, and prototype keys and copies only own properties when restoring unknown state.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application deserializes Lexical editor state from untrusted input.

Background info

lexical is vulnerable to Prototype Pollution in versions 0.26.0 - 0.45.0.

How to fix this

Upgrade the lexical library to the patch version.