3 matches found
CVE-2026-55886 Jodit Editor: Prototype Pollution in Jodit via Jodit.modules.Helpers.set()
Jodit Editor is a WYSIWYG editor written in pure TypeScript, with file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.set(chain, value, obj), which walks the dot-separated chain, creating and following each path segment...
CVE-2026-55886
CVE-2026-55886 — Jodit Prototype Pollution. Affected software: Jodit Editor (npm package) up to version 4.12.25 (vulnerability fixed in 4.12.26). Root cause: Prototype pollution via Jodit.modules.Helpers.set(chain, value, obj) which walks a dot-separated path and creates path segments without filt...
jodit: Prototype pollution in Jodit via Jodit.modules.Helpers.set()
Summary: Jodit.modules.Helpers.set(chain, value, obj) walks the dot-separated chain, creating and following each path segment, without filtering prototype-mutating keys. A chain that begins with or contains __proto__, constructor, or prototype lets the final assignment reach and mutate Object.prototype...