brikcss merge prototype pollution_CVE-2026-6594

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Description

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-6594

Source VulDB

Published Apr 20, 2026 at 01:45

Affected Product

Vendor brikcss

Product merge

Version 1.0

Affected Versions brikcss merge 1.0
brikcss merge 1.1
brikcss merge 1.2
brikcss merge 1.3.0

CWE Classification

CWE-1321 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-04-20T01:45:12.099Z",
    "modified": "2026-04-20T01:45:12.099Z",
    "type": "cve",
    "title": "brikcss merge prototype pollution",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/358229\nhttps://vuldb.com/vuln/358229/cti\nhttps://vuldb.com/submit/791805\nhttps://github.com/sudo-secure/security-research/blob/main/brikcss-merge/prototype-pollution/PoC.md",
    "id": "CVE-2026-6594",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1321",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "brikcss merge 1.0\nbrikcss merge 1.1\nbrikcss merge 1.2\nbrikcss merge 1.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "merge",
    "version": "1.0",
    "vendor": "brikcss",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}