2 matches found
CVE-2026-15698 kofrasa mingo Update API updateMany prototype pollution
A vulnerability was determined in kofrasa mingo up to 7.2.1. This impacts the function update/updateOne/updateMany of the component Update API. Executing a manipulation of the argument Set can lead to improperly controlled modification of object prototype attributes. The attack may be launched...
CVE-2026-15698
CVE-2026-15698 affects kofrasa mingo up to 7.2.1. The vulnerability lies in the Update API’s functions update/updateOne/updateMany, where manipulating the Set argument can lead to prototype pollution of object attributes. The issue is exploitable remotely, and a fix is available in version 7.2.2 ...