Threats Tagged 'cve-2026-25150'
View all threats tagged with 'cve-2026-25150'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-25150'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-25150: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in QwikDev qwikCVE-2026-25150 0 CVE-2026-25150 is a critical prototype pollution vulnerability in the QwikDev qwik JavaScript framework versions prior to 1.19.0. The flaw exists in the formToObj() function of the @builder.io/qwik-city middleware, which improperly processes form field names containing dot notation without sanitizing dangerous property names like __proto__, constructor, and prototype. This allows unauthenticated attackers to send crafted HTTP POST requests that modify Object.prototype, potentially leading to privilege escalation, authentication bypass, or denial of service. The vulnerability has a CVSS score of 9.3, indicating critical severity, and affects all deployments using vulnerable qwik versions. Although no known exploits are currently in the wild, the ease of exploitation and impact on integrity make this a high-risk issue. Join the discussion | CVE Database V5 | 02/03/2026, 21:12:50 UTC Added: 02/03/2026, 21:30:11 UTC |
Showing 1 to 1 of 1 result