Product
A high-severity vulnerability, CVE-2026-53597, in the Prompty TypeScript loader (`@prompty/core`) versions `>= 2.0.0-alpha.1 < 2.0.0-beta.3` allows arbitrary JavaScript code execution in the host Node.js process when parsing untrusted `.prompty` files due to improper handling of `gray-matter`'s executable frontmatter engines.