PT-2026-57643 · Primefaces · Primereact

Dremig

·

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-15538

CVSS v2.0

6.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions primefaces primereact versions prior to 10.9.9
Description A weakness in the API component allows remote attackers to cause improperly controlled modification of object prototype attributes. This occurs through the manipulation of the Field argument within the ObjectUtils.mutateFieldData() function. This issue specifically affects products that are no longer supported by the maintainer.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Prototype Pollution

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15538

Affected Products

Primereact