What is the CVSS score of CVE-2026-45325?

CVE-2026-45325 has a CVSS 3.1 base score of 8.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L.

Which versions of @tmlmobilidade/utils are affected by CVE-2026-45325?

A prototype pollution vulnerability in the @tmlmobilidade/utils npm package enables attackers to corrupt application data and degrade performance without requiring authentication, creating material…. A patch is available.

@tmlmobilidade/utils CVE-2026-45325

HIGH

Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) (CWE-1321)

2026-05-18 https://github.com/tmlmobilidade/go

GHSA-cmxg-94mg-jq94

Information Disclosure Prototype Pollution

8.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

Low

Lifecycle Timeline

Source Code Evidence Fetched

May 18, 2026 - 18:01 vuln.today

Analysis Generated

May 18, 2026 - 18:01 vuln.today

DescriptionNVD

Impact

Prototype pollution vulnerability in @tmlmobilidade/utils for setValueAtPath().

Patches

A fix is available in versions 20260509.0340.15 and up.

AnalysisAI

Prototype pollution in the @tmlmobilidade/utils npm package allows remote unauthenticated attackers to inject properties into Object.prototype via the setValueAtPath() helper, leading to integrity compromise and partial availability impact in any downstream application that passes user-influenced paths into the function. The flaw is rated CVSS 8.2 (AV:N/AC:L/PR:N/UI:N) and is fixed in version 20260509.0340.15; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

RemediationAI

Within 24 hours: Audit your software bill of materials (SBOM) to identify all applications using @tmlmobilidade/utils; alert development and infrastructure teams of the HIGH severity vulnerability. Within 7 days: Upgrade @tmlmobilidade/utils to version 20260509.0340.15 in all affected applications; conduct comprehensive testing in staging environments before production deployment. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-45325 vulnerability details – vuln.today

Back

@tmlmobilidade/utils CVE-2026-45325

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Impact

Patches

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code