CVE-2026-35209 — defu is software that allows uers to assign default properties recursively. Prior to version 6.1.5, applications that pass unsanitized user input (e.g. parsed JSON request bodies, database records, or — CVE Database · The Intelligence Room