Prototype Pollution Vulnerability in apidevtools json-schema-ref-parser
CVE-2026-15195

5.3MEDIUM

Key Information:

Vendor
CVE Published:
9 July 2026

What is CVE-2026-15195?

An improper handling of object prototype attributes has been discovered in the apidevtools json-schema-ref-parser library, affecting versions up to 15.3.5. This vulnerability allows attackers to remotely manipulate object prototype attributes through the Refs.set and Pointer.set functions, which could lead to unexpected behavior and potential exploitation. The issue is addressed in version 15.3.6, and it is recommended for users to update their library promptly to mitigate the risk.

Affected Version(s)

json-schema-ref-parser 15.3.0

json-schema-ref-parser 15.3.1

json-schema-ref-parser 15.3.2

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dremig (VulDB User)
.