CVE-2026-15698
kofrasa mingo Update API updateMany prototype pollution
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was determined in kofrasa mingo up to 7.2.1. This impacts the function update/updateOne/updateMany of the component Update API. Executing a manipulation of the argument Set can lead to improperly controlled modification of object prototype attributes. The attack may be launched remotely. Upgrading to version 7.2.2 will fix this issue. This patch is called fadc398251792c2ba441cbc539f359fc7943c0c2. It is recommended to upgrade the affected component.
| CWE | CWE-1321 CWE-94 |
| Vendor | kofrasa |
| Product | mingo |
| Published | Jul 14, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for kofrasa mingo
Be the first to know when new medium vulnerabilities affecting kofrasa mingo are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
kofrasa / mingo
7.2.0 7.2.1
References
vuldb.com: https://vuldb.com/vuln/378245 vuldb.com: https://vuldb.com/vuln/378245/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15698 vuldb.com: https://vuldb.com/submit/856014 github.com: https://github.com/kofrasa/mingo/issues/606 github.com: https://github.com/kofrasa/mingo/commit/fadc398251792c2ba441cbc539f359fc7943c0c2 github.com: https://github.com/kofrasa/mingo/releases/tag/7.2.2 github.com: https://github.com/kofrasa/mingo/
Credits
๐ wjm1 (VulDB User)