CVE-2026-15538 | primefaces primereact up to 10.9.8 API ObjectUtils.mutateFieldData Field prototype pollution (Issue 8553)
A vulnerability classified as critical has been found in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is tracked as CVE-2026-15538. The attack is possible to be carried out remotely. No exploit exists.
The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More