scim-patch

CVE-2026-48170

CVE-2026-48170 is a critical-severity security vulnerability in scim-patch (npm), affecting versions <= 0.9.0. It is fixed in 0.9.1.

Key facts
CVSS score: 9.1 (Critical)
Attack vector: Network
Issuing authority: GitHub Advisory Database
Affected package: scim-patch
Fixed in: 0.9.1
Disclosed: 2026

Summary

scim-patch performs prototype pollution when applying a SCIM PATCH operation whose value object contains a key like "__proto__.someProp". After one such patch, Object.prototype.someProp is set process-wide, affecting every plain object in the Node process. Any service that calls scimPatch() on attacker-controlled JSON (i.e. any SCIM endpoint accepting PATCH from an external IdP) is exploitable on a stock Node runtime.

Impact

Class: Prototype pollution (CWE-1321)
Affected versions: <= 0.9.0 (current HEAD 871b1e2)
Attack vector: Network, sent as part of a normal SCIM PATCH /Users/:id request body.
Privileges required: Whatever the SCIM endpoint requires. For most integrations that's a provisioned IdP, which is "low" in CVSS terms (any authenticated provisioning client).
Scope: Changed. The bug is in a SCIM library, but the side effect (Object.prototype mutation) leaks into the entire Node process.

Downstream consequences depend on what other code reads from plain objects. Realistic outcomes observed in similar bugs:

  • Privilege escalation if any auth/middleware code checks actor.isAdmin / req.user.admin / similar boolean flags against a plain object that expects the key to be absent.
  • Logic bypass / DoS if any code branches on obj.name, obj.type, obj.id etc. against plain objects (e.g. pg's prepared-statement naming check, a real incident at one consumer).
  • Persistence: the pollution lasts until the Node process restarts, so the blast radius is every request that container handles after the pollution.

Root cause

In src/scimPatch.ts:415-427, addOrReplaceObjectAttribute iterates the user-supplied patch.value with Object.entries and feeds each key to resolvePaths, which splits on ".". assign then walks the resulting key path with no filtering on dangerous keys (src/scimPatch.ts:437-445). For keyPath = ["__proto__", "polluted"]:

  • "__proto__" in obj is always true, so the fresh-object branch is skipped.
  • obj = obj["__proto__"] now points to Object.prototype.
  • The final write lands on Object.prototype.polluted.

The same shape works for constructor.prototype keys.

Proof of concept

Drop this in test/prototypePollution.test.ts and run npm run build && npx mocha lib/test/prototypePollution.test.js. Both tests pass against HEAD 871b1e2:

Suggested fix

Reject the three dangerous keys in assign() before the walk. Minimal patch:

Alternative, slightly safer: switch the walk target to Object.create(null) nodes when creating intermediate objects, and use Object.defineProperty(obj, key, { value, enumerable: true, configurable: true, writable: true }) instead of obj[key] = value for the final write. That defends against future prototype-walking sinks even if a key sneaks past the denylist. Either approach is a non-breaking change; legitimate SCIM clients never send these keys.

Mitigation for consumers who can't upgrade immediately

Calling Object.freeze(Object.prototype) (and the same on Array.prototype and Function.prototype) at process startup neutralizes this class of bug: assignment to a frozen prototype becomes a silent no-op in sloppy mode or a TypeError in strict mode. Node's --frozen-intrinsics flag does this for built-ins automatically.

Credit

Discovered by Lee Wang (Notion). Reported by David Wu (Notion). Report authored by Claude. Reviewed by David Wu.
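The following is an added example written for this page; it is not scim-patch's own code and not the advisory's patch. It shows what the "suggested fix" sections above amount to in working form: a dotted-path assign that rejects the three dangerous keys before walking, descends only through own properties, creates intermediate nodes with Object.create(null), and performs the final write with Object.defineProperty. The names resolvePath, safeAssign, applyPatch and prototypeIsClean, and the sample PATCH body, are assumptions made for the illustration.

```javascript
// Added example, not scim-patch's own code. The names resolvePath, safeAssign,
// applyPatch and prototypeIsClean, and the sample PATCH body below, are
// assumptions made for this illustration.

// The three keys through which a dotted attribute path can reach Object.prototype.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Split a SCIM attribute path such as "name.familyName" into its segments.
function resolvePath(path) {
  return path.split('.');
}

// Walk keyPath inside root and write value at the end. Differences from a
// naive obj[key] = value walk:
//  1. every segment is checked against FORBIDDEN_KEYS before any write;
//  2. the walk only descends into own properties, never inherited ones
//     ("__proto__" in obj is always true; hasOwnProperty is not);
//  3. intermediate objects are created with Object.create(null) and the final
//     write uses Object.defineProperty, so no setter on a prototype chain runs.
function safeAssign(root, keyPath, value) {
  if (keyPath.length === 0) {
    throw new TypeError('empty attribute path');
  }
  for (const key of keyPath) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new TypeError(`refusing to assign through forbidden key "${key}"`);
    }
  }
  let obj = root;
  for (const key of keyPath.slice(0, -1)) {
    const isOwnObject =
      Object.prototype.hasOwnProperty.call(obj, key) &&
      typeof obj[key] === 'object' && obj[key] !== null;
    if (!isOwnObject) {
      Object.defineProperty(obj, key, {
        value: Object.create(null), enumerable: true, configurable: true, writable: true,
      });
    }
    obj = obj[key];
  }
  Object.defineProperty(obj, keyPath[keyPath.length - 1], {
    value, enumerable: true, configurable: true, writable: true,
  });
  return root;
}

// Apply the "add"/"replace" operations of a SCIM PatchOp whose value is an
// object of dotted keys, the shape the advisory describes. Returns the resource.
function applyPatch(resource, patchBody) {
  for (const op of patchBody.Operations) {
    const kind = String(op.op).toLowerCase();
    if (kind !== 'add' && kind !== 'replace') {
      continue; // "remove" is out of scope for this example
    }
    if (typeof op.value !== 'object' || op.value === null) {
      continue;
    }
    for (const [key, value] of Object.entries(op.value)) {
      safeAssign(resource, resolvePath(key), value);
    }
  }
  return resource;
}

// Post-condition a test suite can assert after feeding untrusted input through
// the patcher: a brand-new plain object must not see the property.
function prototypeIsClean(prop) {
  return !(prop in {});
}

// Constructed sample: a benign PATCH body in the shape an IdP would send.
const samplePatch = JSON.parse(`{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
    { "op": "replace", "value": { "name.familyName": "Smith", "active": true } }
  ]
}`);

const user = applyPatch({ userName: 'jsmith', name: { givenName: 'Jane' } }, samplePatch);
console.log(JSON.stringify(user));
```

The denylist alone is the minimal fix the advisory describes; the own-property check and the null-prototype intermediates are the "slightly safer" variant, and they cost nothing for legitimate SCIM attribute paths, which never contain these segments.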

Impact

Severity and exposure

CVE-2026-48170 has a CVSS score of 9.1 (Critical). The vector is network-reachable, low privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment.

A fixed version is available (0.9.1). Upgrading removes the vulnerable code path.

Affected versions

npm

  • scim-patch (<= 0.9.0)

Security releases

  • scim-patch → 0.9.1 (npm)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter instead of chasing every advisory.

Kodem's runtime-powered SCA identifies whether CVE-2026-48170 is reachable in your applications. Explore open-source security for your team.

Remediation advice

Upgrade scim-patch to 0.9.1 or later to resolve this vulnerability.

Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.

Frequently asked questions about CVE-2026-48170

What is CVE-2026-48170?

CVE-2026-48170 is a critical-severity security vulnerability in scim-patch (npm), affecting versions <= 0.9.0. It is fixed in 0.9.1.

How severe is CVE-2026-48170?

CVE-2026-48170 has a CVSS score of 9.1 (Critical). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.

Which versions of scim-patch are affected by CVE-2026-48170?

scim-patch (npm) versions <= 0.9.0 are affected.

Is there a fix for CVE-2026-48170?

Yes. CVE-2026-48170 is fixed in 0.9.1. Upgrade to this version or later.

Is CVE-2026-48170 exploitable, and should I be worried?

Whether CVE-2026-48170 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.

What actually determines whether CVE-2026-48170 is exploitable, and how bad it is?

Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.

How do I fix CVE-2026-48170?

Upgrade scim-patch to 0.9.1 or later.