Is CVE-2026-48713 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-48713 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-48713

CVE-2026-48713 and CVE-2026-48714 hit the npm ecosystem's dominant internationalisation library. Both scored CVSS 9.1. The second vulnerability bypassed the fix for the first using dotted __proto__ variants. Every Next.js, React, Angular, and Vue app using i18next was exposed.

2026

What WebPulse reported · 1 analysis

i18next Prototype Pollution: The Translation Layer Nobody Thought to Secure.

CVE-2026-48713 and CVE-2026-48714 hit the npm ecosystem's dominant internationalisation library. Both scored CVSS 9.1. The second vulnerability bypassed the fix

June 26, 2026

View CVE-2026-48713 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657