Intel

AIKIDO-2026-994752

@lexical/yjs is vulnerable to Prototype Pollution

Prototype Pollution Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Jul 1, 2026

48

Medium Risk

This Affects:

JS@lexical/yjs
0.37.0 - 0.45.0
Fixed in 0.46.0
Are you affected? Scan for Free

TL;DR

The @lexical/yjs collaboration binding applies remote node-state and property attributes received from other peers. Unknown attributes are written directly from the deserialized payload, so a malicious peer can send a __proto__ attribute that pollutes the object prototype during a collaborative session. This can inject or override state values that the application later reads. The fix applies a guard that skips __proto__, constructor, and prototype keys when importing remote attributes.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application uses Yjs-based collaboration with untrusted remote peers.

Background info

@lexical/yjs is vulnerable to Prototype Pollution in versions 0.37.0 - 0.45.0.

How to fix this

Upgrade the @lexical/yjs library to the patch version.