Is CVE-2026-48714 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-48714 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-48714

CVE-2026-48713 and CVE-2026-48714 hit the npm ecosystem's dominant internationalisation library. Both scored CVSS 9.1. The second vulnerability bypassed the fix for the first using dotted __proto__ variants. Every Next.js, React, Angular, and Vue app using i18next was exposed.

2026

What WebPulse reported · 2 analyses

i18next Prototype Pollution: The Translation Layer Nobody Thought to Secure.

CVE-2026-48713 and CVE-2026-48714 hit the npm ecosystem's dominant internationalisation library. Both scored CVSS 9.1. The second vulnerability bypassed the fix

June 26, 2026

Three VPN Vendors Breached in One Month. The Perimeter Has Collapsed.

FortiNet, Palo Alto, Check Point: three vendors, three vectors, one structural conclusion in June 2026.

June 23, 2026

View CVE-2026-48714 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657