CVE-2026-6594

Sažetak

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.

Reference

https://github.com/sudo-secure/security-research/blob/main/brikcss-merge/prototype-pollution/PoC.md
https://vuldb.com/submit/791805
https://vuldb.com/vuln/358229
https://vuldb.com/vuln/358229/cti

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

20-04-2026 - 02:16

Objavljeno

20-04-2026 - 02:16