Back to overview

CVE-2026-15607

MEDIUM
4.3
CVSS 3.1
Description
A vulnerability was detected in tanstack db up to 0.6.8. Affected by this vulnerability is the function select of the file src/query/compiler/select.ts of the component Alias Path Handler. The manipulation results in improperly controlled modification of object prototype attributes. The attack may be launched remotely. The exploit is now public and may be used. The patch is identified as ac09b1177a100eafa85cba3cd09dd1f53f933ded. A patch should be applied to remediate this issue.

Metadata

CVE ID
CVE-2026-15607
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-13 15:40 UTC
Published
2026-07-13 23:00 UTC
Last updated
2026-07-13 23:00 UTC
Primary CWE
CWE-1321
Improperly Controlled Modification of Object Prototype Attri…
Vendor / Product
tanstack / db
Sources
cve.org  ·  NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Affected products (1)
VendorProductPlatformVersions
tanstack db 0.6.0, 0.6.1, 0.6.2, 0.6.3 …
Weakness (CWE)
CWESourceDescription
CWE-1321 cna Improperly Controlled Modification of Object Prototype Attributes
CWE-94 cna Code Injection
CVSS scores (4)
ScoreSeverityVersionSourceVector
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
4.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
4.3 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
4.0 N/D 2.0 cna AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C
References (8)
Back to overview