CVE-2026-12209
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
A vulnerability has been detected in RubyLouvre avalon up to version 2.2.10, affecting an unknown function in the file src/filters/index.js of the Template Filter Handler component. This manipulation leads to improperly controlled modification of object prototype attributes.
Risk Assessment
The attack can be launched remotely, posing a serious security threat to the application. The public disclosure of the exploit increases the risk of its use by potential attackers.
Recommendation
It is recommended to update RubyLouvre to the latest version to eliminate this vulnerability. Additionally, monitoring systems for unauthorized modifications is advised.
Original NVD description (English source)
A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

