Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched on 4.17.23
https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-05
https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13465.json
https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
https://cert-portal.siemens.com/productcert/html/ssa-253495.html
https://bugzilla.redhat.com/show_bug.cgi?id=2431740
https://access.redhat.com/security/cve/CVE-2025-13465
https://access.redhat.com/errata/RHSA-2026:9848
https://access.redhat.com/errata/RHSA-2026:8229
https://access.redhat.com/errata/RHSA-2026:8218
https://access.redhat.com/errata/RHSA-2026:6567
https://access.redhat.com/errata/RHSA-2026:6497
https://access.redhat.com/errata/RHSA-2026:6288
https://access.redhat.com/errata/RHSA-2026:6192
https://access.redhat.com/errata/RHSA-2026:5636
https://access.redhat.com/errata/RHSA-2026:5633
https://access.redhat.com/errata/RHSA-2026:4782
https://access.redhat.com/errata/RHSA-2026:4630
https://access.redhat.com/errata/RHSA-2026:4467
https://access.redhat.com/errata/RHSA-2026:4466
https://access.redhat.com/errata/RHSA-2026:4423
https://access.redhat.com/errata/RHSA-2026:3962
https://access.redhat.com/errata/RHSA-2026:3960
https://access.redhat.com/errata/RHSA-2026:3958
https://access.redhat.com/errata/RHSA-2026:3884
https://access.redhat.com/errata/RHSA-2026:3874
https://access.redhat.com/errata/RHSA-2026:3870
https://access.redhat.com/errata/RHSA-2026:3869
https://access.redhat.com/errata/RHSA-2026:3825
https://access.redhat.com/errata/RHSA-2026:3782
https://access.redhat.com/errata/RHSA-2026:3710
https://access.redhat.com/errata/RHSA-2026:36882
https://access.redhat.com/errata/RHSA-2026:36651
https://access.redhat.com/errata/RHSA-2026:34608
https://access.redhat.com/errata/RHSA-2026:3422
https://access.redhat.com/errata/RHSA-2026:34100
https://access.redhat.com/errata/RHSA-2026:33371
https://access.redhat.com/errata/RHSA-2026:33154
https://access.redhat.com/errata/RHSA-2026:3087
https://access.redhat.com/errata/RHSA-2026:2990
https://access.redhat.com/errata/RHSA-2026:2984
https://access.redhat.com/errata/RHSA-2026:2926
https://access.redhat.com/errata/RHSA-2026:2900
https://access.redhat.com/errata/RHSA-2026:2819
https://access.redhat.com/errata/RHSA-2026:2818
https://access.redhat.com/errata/RHSA-2026:2817
https://access.redhat.com/errata/RHSA-2026:2816
https://access.redhat.com/errata/RHSA-2026:2694
https://access.redhat.com/errata/RHSA-2026:2675
https://access.redhat.com/errata/RHSA-2026:2672
https://access.redhat.com/errata/RHSA-2026:2661
https://access.redhat.com/errata/RHSA-2026:2651
https://access.redhat.com/errata/RHSA-2026:25089
https://access.redhat.com/errata/RHSA-2026:2484
https://access.redhat.com/errata/RHSA-2026:2469
https://access.redhat.com/errata/RHSA-2026:2465
https://access.redhat.com/errata/RHSA-2026:2462
https://access.redhat.com/errata/RHSA-2026:2452
https://access.redhat.com/errata/RHSA-2026:2438
https://access.redhat.com/errata/RHSA-2026:24331
https://access.redhat.com/errata/RHSA-2026:21658
https://access.redhat.com/errata/RHSA-2026:2149
https://access.redhat.com/errata/RHSA-2026:2148
https://access.redhat.com/errata/RHSA-2026:2147
https://access.redhat.com/errata/RHSA-2026:2145
https://access.redhat.com/errata/RHSA-2026:2119
https://access.redhat.com/errata/RHSA-2026:2078
https://access.redhat.com/errata/RHSA-2026:20088
https://access.redhat.com/errata/RHSA-2026:20042
https://access.redhat.com/errata/RHSA-2026:19712
https://access.redhat.com/errata/RHSA-2026:18868
https://access.redhat.com/errata/RHSA-2026:18480
https://access.redhat.com/errata/RHSA-2026:1845
https://access.redhat.com/errata/RHSA-2026:17469
https://access.redhat.com/errata/RHSA-2026:15091
https://access.redhat.com/errata/RHSA-2026:14871
https://access.redhat.com/errata/RHSA-2026:14870
https://access.redhat.com/errata/RHSA-2026:14774
https://access.redhat.com/errata/RHSA-2026:13829
https://access.redhat.com/errata/RHSA-2026:13548
Published: 2026-01-21
Updated: 2026-07-10
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
Severity: Medium
Base Score: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity: Medium
Base Score: 7.9
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H
Severity: High
EPSS: 0.00045