Back to overview

CVE-2026-15195

MEDIUM Exploitation: PoC
6.3
CVSS 3.1
Description
A weakness has been identified in apidevtools json-schema-ref-parser up to 15.3.5. This impacts the function Refs.set/Pointer.set in the library lib/pointer.ts. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. Upgrading to version 15.3.6 will fix this issue. This patch is called a786bc6afc3674f650496472ee93d5cf74c4bd84. It is suggested to upgrade the affected component.

Metadata

CVE ID
CVE-2026-15195
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-09 06:00 UTC
Published
2026-07-09 17:15 UTC
Last updated
2026-07-09 18:23 UTC
Primary CWE
CWE-1321
Improperly Controlled Modification of Object Prototype Attri…
Vendor / Product
apidevtools / json-schema-ref-parser
Sources
cve.org  ·  NVD

Severity & Metrics

6.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
apidevtools json-schema-ref-parser 15.3.0, 15.3.1, 15.3.2, 15.3.3 …
Weakness (CWE)
CWESourceDescription
CWE-1321 cna Improperly Controlled Modification of Object Prototype Attributes
CWE-94 cna Code Injection
CVSS scores (4)
ScoreSeverityVersionSourceVector
6.5 N/D 2.0 cna AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
6.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
6.3 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
References (8)
Back to overview