CVE Catalog

CVE-2026-12209

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

A vulnerability has been detected in RubyLouvre avalon up to version 2.2.10, affecting an unknown function in the file src/filters/index.js of the Template Filter Handler component. This manipulation leads to improperly controlled modification of object prototype attributes.

Risk Assessment

The attack can be launched remotely, posing a serious security threat to the application. The public disclosure of the exploit increases the risk of its use by potential attackers.

Recommendation

It is recommended to update RubyLouvre to the latest version to eliminate this vulnerability. Additionally, monitoring systems for unauthorized modifications is advised.

Original NVD description (English source)

A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS