Intel

AIKIDO-2026-455718

workerd is vulnerable to Improper Input Validation

Improper Input Validation Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Jun 24, 2026

55

Medium Risk

This Affects:

JSworkerd
0.0.1 - 1.20260618.1
Fixed in 1.20260619.1
Are you affected? Scan for Free

TL;DR

This version applies multiple security fixes in workerd: it prevents prototype-pollution-driven process aborts during structuredClone/deserialization, fixes several Use-after-free code pattern, avoids GC/finalizer crashes that could lead to std::terminate, adds strict limits to crypto operations to reduce resource-exhaustion DoS, hardens X509 string conversion, and prevents TLS checkServerIdentity from being silently ignored (it now throws ERR_OPTION_NOT_IMPLEMENTED when unsupported).

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

workerd is vulnerable to Improper Input Validation in versions 0.0.1 - 1.20260618.1.

How to fix this

Upgrade the workerd library to the patch version.