CVE-2026-53676

Summary

ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege (TENANT_ADMIN).

Affected Software

VendorProductVersion RangeStatus
ThingsBoardThingsBoardprior to v4.3.1.2affected

Weaknesses

  • CWE-1321: Improperly controlled modification of object prototype attributes ('Prototype Pollution')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References