๐Ÿ” CVE Alert

CVE-2026-15607

MEDIUM 4.3

tanstack db Alias Path select.ts select prototype pollution

CVSS Score
4.3
EPSS Score
0.3%
EPSS Percentile
17th

A vulnerability was detected in tanstack db up to 0.6.8. Affected by this vulnerability is the function select of the file src/query/compiler/select.ts of the component Alias Path Handler. The manipulation results in improperly controlled modification of object prototype attributes. The attack may be launched remotely. The exploit is now public and may be used. The patch is identified as ac09b1177a100eafa85cba3cd09dd1f53f933ded. A patch should be applied to remediate this issue.

CWE CWE-1321 CWE-94
Vendor tanstack
Product db
Published Jul 13, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for tanstack db

Be the first to know when new medium vulnerabilities affecting tanstack db are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

tanstack / db
0.6.0 0.6.1 0.6.2 0.6.3 0.6.4 0.6.5 0.6.6 0.6.7 0.6.8

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/378115 vuldb.com: https://vuldb.com/vuln/378115/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15607 vuldb.com: https://vuldb.com/submit/855677 github.com: https://github.com/TanStack/db/issues/1584 github.com: https://github.com/TanStack/db/pull/1595 github.com: https://github.com/TanStack/db/commit/ac09b1177a100eafa85cba3cd09dd1f53f933ded github.com: https://github.com/TanStack/db/

Credits

๐Ÿ” Dremig (VulDB User)