Back to overview

CVE-2026-15698

MEDIUM
6.3
CVSS 3.1
Description
A vulnerability was determined in kofrasa mingo up to 7.2.1. This impacts the function update/updateOne/updateMany of the component Update API. Executing a manipulation of the argument Set can lead to improperly controlled modification of object prototype attributes. The attack may be launched remotely. Upgrading to version 7.2.2 will fix this issue. This patch is called fadc398251792c2ba441cbc539f359fc7943c0c2. It is recommended to upgrade the affected component.

Metadata

CVE ID
CVE-2026-15698
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-14 05:08 UTC
Published
2026-07-14 15:30 UTC
Last updated
2026-07-14 16:26 UTC
Primary CWE
CWE-1321
Improperly Controlled Modification of Object Prototype Attri…
Vendor / Product
kofrasa / mingo
Sources
cve.org  ·  NVD

Severity & Metrics

6.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
kofrasa mingo 7.2.0, 7.2.1, 7.2.2
Weakness (CWE)
CWESourceDescription
CWE-1321 cna Improperly Controlled Modification of Object Prototype Attributes
CWE-94 cna Code Injection
CVSS scores (4)
ScoreSeverityVersionSourceVector
6.5 N/D 2.0 cna AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
6.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
6.3 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
References (8)
Back to overview