Object Prototype Manipulation in Primereact by Primefaces
CVE-2026-15538
5.3MEDIUM
What is CVE-2026-15538?
A vulnerability has been identified in the Primereact library up to version 10.9.8, specifically within the ObjectUtils.mutateFieldData function of the API component. This flaw allows for unauthorized manipulation of object prototype attributes through improper control of the 'Field' argument. As a result, attackers could execute this exploit remotely, leading to potential integrity issues within applications relying on this library. Notably, this vulnerability only impacts products that are no longer actively supported by the maintainer, raising concerns for projects continuing to utilize these outdated versions.
Affected Version(s)
primereact 10.9.0
primereact 10.9.1
primereact 10.9.2
