CVE-2026-12208
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
A weakness has been identified in jsonata-js jsonata up to version 2.2.0, concerning the createFrame function in the src/jsonata.js file. This manipulation leads to improperly controlled modification of object prototype attributes.
Risk Assessment
The ability to initiate attacks remotely poses a serious security threat to applications using this library. The publicly available exploit increases the risk of this vulnerability being exploited.
Recommendation
It is recommended to upgrade to the latest version of jsonata-js to mitigate this vulnerability. Additionally, systems should be monitored for potential attack attempts.
Original NVD description (English source)
A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

