Skip to main content

Enquirer

1 CVEs product

Monthly

CVE-2026-15187 LOW POC Monitor

Prototype pollution in the enquirer npm package (versions up to 2.4.1) allows remote authenticated attackers to manipulate JavaScript Object.prototype attributes by injecting a crafted value into the question.name argument of the Enquirer.set() function. The vulnerability carries a low CVSS 4.0 score of 2.1, reflecting limited integrity-only impact scoped to the vulnerable system with no confidentiality or availability consequence. Publicly available exploit code exists via GitHub issue #487, though no active exploitation has been confirmed in CISA KEV.

Information Disclosure Prototype Pollution Enquirer
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
EPSS 0% CVSS 2.1
LOW POC Monitor

Prototype pollution in the enquirer npm package (versions up to 2.4.1) allows remote authenticated attackers to manipulate JavaScript Object.prototype attributes by injecting a crafted value into the question.name argument of the Enquirer.set() function. The vulnerability carries a low CVSS 4.0 score of 2.1, reflecting limited integrity-only impact scoped to the vulnerable system with no confidentiality or availability consequence. Publicly available exploit code exists via GitHub issue #487, though no active exploitation has been confirmed in CISA KEV.

Information Disclosure Prototype Pollution Enquirer
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy