CVE-2026-55886
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
Jodit Editor versions prior to 4.12.26 are vulnerable to Prototype Pollution via the Jodit.modules.Helpers.set() function. An attacker can pass a crafted key chain containing __proto__, constructor, or prototype, leading to Object.prototype modification and injection of unexpected properties.
Risk Assessment
The risk includes injection of unexpected properties into objects, logic bypass, denial of service, and potential secondary security issues, especially if the application passes user-controlled data to the vulnerable function.
Recommendation
Immediately update Jodit Editor to version 4.12.26 or later, which includes a fix that eliminates the prototype pollution vulnerability.
Original NVD description (English source)
Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.set(chain, value, obj), which walks the dot-separated chain, creating and following each path segment without filtering prototype-mutating keys. A chain that begins with (or contains) __proto__, constructor, or prototype lets the final assignment reach and mutate Object.prototype. Applications that pass a user-controlled or partially user-controlled key path into Jodit.modules.Helpers.set() could be vulnerable, causing unexpected property injection, logic bypass, denial of service, or secondary security issues. This issue has been fixed in version 4.12.26.

