CVE-2026-27629: Ts Unsafe State Cast Access
Direct property access on a state object that was retrieved and cast using `as`. This bypasses TypeScript's null safety. If the state is undefined (e.g., due to user being unauthenticated), this will cause a fatal runtime TypeError (`Cannot read properties of undefined`). Use optional chaining (`?.`) instead, or check if the object exists before accessing.
Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0
TS
TSgreprules fetch cve-2026-27629-ts-unsafe-state-cast-access --engine opengrepDescription
Direct property access on a state object that was retrieved and cast using `as`. This bypasses TypeScript's null safety. If the state is undefined (e.g., due to user being unauthenticated), this will cause a fatal runtime TypeError (`Cannot read properties of undefined`). Use optional chaining (`?.`) instead, or check if the object exists before accessing.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0