CVE-2026-53676
HighCVSS 7.2Exploitation Probability (EPSS)
Low risk44th percentile — higher than 44% of all known CVEs
Summary
ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege (TENANT_ADMIN).
Risk Assessment
This vulnerability may allow an attacker to execute unauthorized code, posing a serious threat to the security of the system and the organization's data.
Recommendation
It is recommended to update to the latest version of ThingsBoard and restrict access to accounts with tenant administrator privileges.
Original NVD description (English source)
ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege (TENANT_ADMIN).

