Prototype Pollution Vulnerability in Jodit Editor by Xdan
CVE-2026-55886
6.3 MEDIUM
What is CVE-2026-55886?
Jodit Editor, a popular WYSIWYG editor implemented in pure TypeScript, is vulnerable to prototype pollution, which can lead to severe security implications. In versions prior to 4.12.26, the Jodit.modules.Helpers.set function can modify Object.prototype because prototype-modifying keys in the dot-separated chain are not adequately filtered. The vulnerability can be exploited by passing user-controlled keys, potentially leading to unexpected property assignments, logic bypasses, denial of service, and additional security risks. Users are strongly urged to update to version 4.12.26 or later to mitigate these risks.
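The class of bug described above, shown as an added example that is not Jodit's source code: a generic dot-path setter that walks the chain unfiltered, beside a hardened form that rejects prototype-modifying segments. The function names (`naiveSet`, `safeSet`, `leaksToPrototype`), the argument order and the sample key are assumptions made for illustration.

```javascript
// Added illustration of the bug class; NOT Jodit's implementation.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);

// Naive form: walks every segment of the dot-separated chain unfiltered.
function naiveSet(path, value, target) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Hardened form: refuses prototype-modifying segments and only descends
// into own properties, so the walk cannot reach Object.prototype.
function safeSet(path, value, target) {
  const keys = String(path).split('.');
  if (keys.some((k) => FORBIDDEN.has(k))) {
    throw new TypeError(`refusing prototype-modifying key in path: ${path}`);
  }
  let node = target;
  for (const key of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || typeof node[key] !== 'object' || node[key] === null) {
      node[key] = {};
    }
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Feeds a constructed user-controlled path to a setter and reports whether
// an unrelated, freshly created object picked up the property.
function leaksToPrototype(setter) {
  const marker = 'pollutedMarker'; // constructed sample key
  try {
    setter(`__proto__.${marker}`, true, {});
  } catch (_) { /* the hardened setter refuses the path */ }
  const leaked = ({})[marker] === true;
  delete Object.prototype[marker]; // leave no residue after the check
  return leaked;
}

console.log('naive setter leaks:', leaksToPrototype(naiveSet));
console.log('hardened setter leaks:', leaksToPrototype(safeSet));
```

The same `leaksToPrototype` check can serve as a regression test around any path-based setter that receives user-controlled keys, including after upgrading to 4.12.26 or later.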
Affected Version(s)
jodit < 4.12.26
