CVE-2026-15699 spencermountain compromise Public Root API extend.js nlp.extend prototype pollution
A vulnerability was identified in spencermountain compromise up to 14.15.1. Affected is the function nlp.extend of the file src/API/extend.js of the component Public Root API. The manipulation of the argument plugin leads to improperly controlled modification of object prototype attributes. Remot...