A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be carried out remotely. The project was informed of the problem early through an issue report but has not responded yet. This vulnerability only affects products that are no longer supported by the maintainer.
History

Tue, 14 Jul 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-915
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 13 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Jul 2026 06:30:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be carried out remotely. The project was informed of the problem early through an issue report but has not responded yet. This vulnerability only affects products that are no longer supported by the maintainer.
Title primefaces primereact API ObjectUtils.mutateFieldData prototype pollution
First Time appeared Primefaces
Primefaces primereact
Weaknesses CWE-1321
CWE-94
CPEs cpe:2.3:a:primefaces:primereact:*:*:*:*:*:*:*:*
Vendors & Products Primefaces
Primefaces primereact
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-07-13T06:00:11.115Z

Updated: 2026-07-13T15:22:07.104Z

Reserved: 2026-07-12T18:03:07.553Z

Link: CVE-2026-15538

cve-icon Vulnrichment

Updated: 2026-07-13T15:22:00.667Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-07-13T06:00:11Z

Links: CVE-2026-15538 - Bugzilla