CVE-2026-44646 - Vulnerability Details

- LiquidJS: `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`

Description

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, Context.spawn() creates a child Context for the {% render %} tag but does not propagate the parent context's resolved ownPropertyOnly value, resulting in a silent bypass. The new context re-derives ownPropertyOnly from opts.ownPropertyOnly (the instance-level option), silently discarding any RenderOptions.ownPropertyOnly override that was supplied to parseAndRender(). As a result, a developer who runs a Liquid instance with the backwards-compatible ownPropertyOnly:false and then locks down an untrusted render with parseAndRender(..., { ownPropertyOnly: true }) still leaks prototype-chain properties from inside any {% render %} partial. This is a distinct exploit surface from the previously identified array-filter variants (where, reject, group_by, find, find_index, has) — the underlying root cause in Context.spawn() is shared, but {% render %} is a separately reachable sink that needs no filter usage. This issue has been fixed in version 10.26.0.

Published: 2026-06-17

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

LiquidJS creates a child context for the {% render %} tag using Context.spawn(), but fails to propagate the parent context's ownPropertyOnly setting. The new context inherits its ownPropertyOnly value from the instance's ownPropertyOnly option instead of respecting a per‑render override supplied to parseAndRender(). As a result, when a Liquid instance is configured for backward compatibility with ownPropertyOnly:false and the developer later attempts to lock down rendering of untrusted data with parseAndRender(..., { ownPropertyOnly: true }), the {% render %} tag silently bypasses the restriction and leaks prototype‑chain properties that would normally be hidden. This misconfiguration allows attackers to access hidden properties on JavaScript prototypes, potentially exposing sensitive data and violating integrity. The flaw is a classic example of a security‑misconfiguration weakness (CWE‑693).

Affected Systems

The vulnerability affects v10.25.7 and older releases of the Harttle LiquidJS template engine. All earlier versions prior to 10.26.0 are impacted; the issue was resolved with the 10.26.0 release. Users employing other vendor forks that forked from these versions are also susceptible if the same code path remains unchanged.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. EPSS is below 1 %, suggesting a low but non‑zero likelihood of exploitation at this time. The flaw is not listed in the CISA KEV catalog. Exploitation requires that an attacker control or influence the Liquid template supplied to a server, and that the server subsequently renders that template using a {% render %} tag. A successful exploit would result in the leakage of prototype‑chain properties from untrusted templates, compromising data confidentiality and potentially allowing further attacks on the host application.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

harttle

liquidjs

affected

Version	Status	Constraints
`< 10.26.0`	affected	—

No data.

Vendor Product Confidence Versions

Harttle

Liquidjs

100%

Version	Status	Scheme	Platform
`[0,10.26.0)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to LiquidJS version 10.26.0 or later to apply the patch that enforces ownPropertyOnly across all contexts.
If an upgrade cannot be performed immediately, avoid using the {% render %} tag in templates that render untrusted data, or configure the application to use a separate Liquid instance with ownPropertyOnly:true for all rendering operations.
Review all custom Liquid templates to ensure that ownPropertyOnly is explicitly set to true at the instance level and that no downstream rendering paths inadvertently override this setting.

Generated by OpenCVE AI on June 18, 2026 at 19:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-9x9p-qf8f-mvjg	LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0044.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/harttle/liquidjs/commit/dbbf6288030591bf6da28d8c1cce5a17bca97bb6
https://github.com/harttle/liquidjs/releases/tag/v10.26.0
https://github.com/harttle/liquidjs/security/advisories/GHSA-9x9p-qf8f-mvjg

History

Thu, 18 Jun 2026 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Harttle Harttle liquidjs
Vendors & Products		Harttle Harttle liquidjs

Thu, 18 Jun 2026 16:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 18 Jun 2026 04:45:00 +0000

Type	Values Removed	Values Added
Description		LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, Context.spawn() creates a child Context for the {% render %} tag but does not propagate the parent context's resolved ownPropertyOnly value, resulting in a silent bypass. The new context re-derives ownPropertyOnly from opts.ownPropertyOnly (the instance-level option), silently discarding any RenderOptions.ownPropertyOnly override that was supplied to parseAndRender(). As a result, a developer who runs a Liquid instance with the backwards-compatible ownPropertyOnly:false and then locks down an untrusted render with parseAndRender(..., { ownPropertyOnly: true }) still leaks prototype-chain properties from inside any {% render %} partial. This is a distinct exploit surface from the previously identified array-filter variants (where, reject, group_by, find, find_index, has) — the underlying root cause in Context.spawn() is shared, but {% render %} is a separately reachable sink that needs no filter usage. This issue has been fixed in version 10.26.0.
Title		LiquidJS: `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`
Weaknesses		CWE-693
References		https://github.com/harttle/liquidjs/commit/dbbf6288030591bf6da28d8c1cce5a17bca97bb6 https://github.com/harttle/liquidjs/releases/tag/v10.26.0 https://github.com/harttle/liquidjs/security/advisories/GHSA-9x9p-qf8f-mvjg
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

Subscriptions

Harttle Liquidjs

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-06-17T22:25:15.319Z

Updated: 2026-06-18T13:53:51.906Z

Reserved: 2026-05-07T15:30:10.875Z

Link: CVE-2026-44646

Vulnrichment

Updated: 2026-06-18T13:45:47.617Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T19:15:02Z

Weaknesses

CWE-693
Protection Mechanism Failure

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object