CVE-2026-16150
The CVE affects RobinHerbots Inputmask (versions up to 5.0.9). The vulnerability arises in the Internal Deep Merge Helper’s extendDefaults/extendDefinitions/extendAliases in lib/dependencyLibs/extend.js, causing improperly controlled modification of object prototype attributes (prototype pollutio...