CVE-2026-15538
CVE-2026-15538 affects PrimeFaces PrimeReact up to 10.9.8. The vulnerability is in the API function ObjectUtils.mutateFieldData, where manipulation of the argument Field enables prototype attribute modification (prototype pollution). The attack is stated as remotely exploitable. The issue notes t...