CVE-2026-6594

HIGH WAF: Medium

CVSS 7.3 Published: 2026-04-20

CWE-94

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.

WAF Coverage Analysis

Code Injection Medium WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution 933xxx - PHP Injection 934xxx - Node.js / Generic Injection

References

github.com
vuldb.com
vuldb.com
vuldb.com

Back to CVE Database