Prototype Pollution Vulnerability in apidevtools json-schema-ref-parser
CVE-2026-15195
5.3MEDIUM
What is CVE-2026-15195?
An improper handling of object prototype attributes has been discovered in the apidevtools json-schema-ref-parser library, affecting versions up to 15.3.5. This vulnerability allows attackers to remotely manipulate object prototype attributes through the Refs.set and Pointer.set functions, which could lead to unexpected behavior and potential exploitation. The issue is addressed in version 15.3.6, and it is recommended for users to update their library promptly to mitigate the risk.
Affected Version(s)
json-schema-ref-parser 15.3.0
json-schema-ref-parser 15.3.1
json-schema-ref-parser 15.3.2
