CVE-2026-6594

Summary

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
brikcssmerge1.0affected
brikcssmerge1.1affected
brikcssmerge1.2affected
brikcssmerge1.3.0affected

Weaknesses

  • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References