PT-2026-36855 · Evolve · Evolver

Xeloxa · Published 2026-04-22 · Updated 2026-05-04 · CVE-2026-42077

CVSS v3.1: 5.2 (Medium)

Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions

Evolver versions prior to 1.69.3

Description

A prototype pollution issue in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The flaw occurs within the applyUpdate() and updateRecord() functions, which utilize Object.assign() to merge user-controlled data without filtering dangerous keys such as __proto__, constructor, or prototype.

Recommendations

Update to version 1.69.3.
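
The merge pattern named in the description, next to a key-filtering replacement, as an added example that is not Evolver's code or its 1.69.3 fix. The names `unsafeUpdate`, `safeUpdate`, `sanitize` and the sample payload are hypothetical, and the input is assumed to be JSON-derived data; the unsafe half shows only the effect on a single merge target.

```javascript
// Added example: all names here are hypothetical, not taken from Evolver.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// "Before" pattern: merge user-influenced data straight into a record.
function unsafeUpdate(record, update) {
  // Object.assign performs ordinary property writes, so an own "__proto__"
  // key in `update` runs the __proto__ setter on `record`.
  return Object.assign(record, update);
}

// Hardened pattern: copy own enumerable keys only, drop blocked keys at
// every depth, and rebuild nested values on null-prototype objects.
function sanitize(value) {
  if (Array.isArray(value)) return value.map(sanitize);
  if (value === null || typeof value !== "object") return value;
  const clean = Object.create(null);
  for (const key of Object.keys(value)) {
    if (BLOCKED_KEYS.has(key)) continue;
    clean[key] = sanitize(value[key]);
  }
  return clean;
}

function safeUpdate(record, update) {
  const clean = sanitize(update);
  for (const key of Object.keys(clean)) {
    // defineProperty creates an own data property and never runs a setter.
    Object.defineProperty(record, key, {
      value: clean[key], writable: true, enumerable: true, configurable: true,
    });
  }
  return record;
}

// Constructed input: JSON.parse creates "__proto__" as an own property.
const SAMPLE_UPDATE = '{"status":"read","__proto__":{"isAdmin":true}}';

function demo() {
  const a = unsafeUpdate({ id: 1 }, JSON.parse(SAMPLE_UPDATE));
  const b = safeUpdate({ id: 1 }, JSON.parse(SAMPLE_UPDATE));
  return {
    unsafeInherited: a.isAdmin === true, // record now inherits the payload
    unsafeProtoIntact: Object.getPrototypeOf(a) === Object.prototype,
    safeInherited: b.isAdmin === true,
    safeProtoIntact: Object.getPrototypeOf(b) === Object.prototype,
    safeStatus: b.status,
  };
}
```

Filtering is a stopgap for code that cannot be upgraded yet; the page's recommendation remains updating to 1.69.3.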

Exploit

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2026-42077
GHSA-2CJR-5V3H-V2W4

Affected Products

Evolver