Prototype Pollution Vulnerability in ThingsBoard by ThingsBoard Inc.
CVE-2026-53676

8.6HIGH

Key Information:

Vendor: Thingsboard
Status: Thingsboard
Vendor: CVE Published:; 17 June 2026

🔔 Create Thingsboard Vulnerability Alert

What is CVE-2026-53676?

ThingsBoard contains a prototype pollution vulnerability that affects tenant administrators with the ability to log in to the system. This flaw may enable attackers to execute arbitrary code within a sandboxed context. Organizations using affected versions should assess their exposure and ensure that proper security measures are in place to mitigate potential risks.

Affected Version(s)

ThingsBoard prior to v4.3.1.2

References

https://thingsboard.io/docs/releases/releases-table/

https://github.com/thingsboard/thingsboard/pull/15600

https://jvn.jp/en/jp/JVN16937365/

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Jun 10, 2026

CVE-2026-53676 Data

JSON