Prototype Pollution Vulnerability in antv layout Library by AntV
CVE-2026-15598
5.3MEDIUM
What is CVE-2026-15598?
A vulnerability has been identified in the antv layout library version 2.0.0, specifically within the setNestedValue function located in lib/util/object.js. This flaw allows an attacker to manipulate the argument path, potentially leading to improper control over object prototype attributes. Such exploitation enables remote attacks that can compromise the integrity of the application. Reports regarding this issue have been submitted, but there has been no formal acknowledgment or response from the developers.
Affected Version(s)
layout 2.0.0
