Bug 2499590 (CVE-2026-15538) - CVE-2026-15538 primereact: PrimeReact: Remote attacker can modify object prototype attributes
Summary: CVE-2026-15538 primereact: PrimeReact: Remote attacker can modify object prot...
Keywords:
Status: NEW
Alias: CVE-2026-15538
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-13 07:01 UTC by OSIDB Bzimport
Modified: 2026-07-13 13:52 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-13 07:01:25 UTC
A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be carried out remotely. The project was informed of the problem early through an issue report but has not responded yet. This vulnerability only affects products that are no longer supported by the maintainer.


Note You need to log in before you can comment on or make changes to this bug.