CVE-2026-16151
CVE-2026-16151 affects CartoDB’s carto-api-client 0.5.29, specifically the addFilter function in src/filters.ts. The issue is prototype pollution caused by manipulating the argument column, enabling remote manipulation of object prototype attributes. The vulnerability is reported as remote-execut...