Skip to main content

Primereact

1 CVEs product

Monthly

CVE-2026-15538 MEDIUM Monitor

Prototype pollution in PrimeReact (all versions through 10.9.8) allows authenticated remote attackers to improperly modify JavaScript object prototype attributes via the ObjectUtils.mutateFieldData API function by crafting malicious Field argument values. Affected deployments face limited confidentiality and integrity exposure at the vulnerable system level. No patch has been issued - the maintainer has not responded to responsible disclosure, and the affected version range is officially end-of-life. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Prototype Pollution Primereact
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.3%
EPSS 0% CVSS 5.3
MEDIUM Monitor

Prototype pollution in PrimeReact (all versions through 10.9.8) allows authenticated remote attackers to improperly modify JavaScript object prototype attributes via the ObjectUtils.mutateFieldData API function by crafting malicious Field argument values. Affected deployments face limited confidentiality and integrity exposure at the vulnerable system level. No patch has been issued - the maintainer has not responded to responsible disclosure, and the affected version range is officially end-of-life. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Prototype Pollution Primereact
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy