CVE-2026-15702
tamagui config.ts updateConfig prototype pollution
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modification of object prototype attributes. The attack may be performed from remote. Upgrading to version 2.3.1 is able to mitigate this issue. The name of the patch is e46af9879b7627934ea4d6d6e46e65cea53abb3d. The affected component should be upgraded.
| CWE | CWE-1321 CWE-94 |
| Vendor | n/a |
| Product | tamagui |
| Published | Jul 14, 2026 |
| Last Updated | Jul 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a tamagui
Be the first to know when new medium vulnerabilities affecting n/a tamagui are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / tamagui
2.0 2.1 2.2 2.3.0
References
vuldb.com: https://vuldb.com/vuln/378249 vuldb.com: https://vuldb.com/vuln/378249/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15702 vuldb.com: https://vuldb.com/submit/856138 github.com: https://github.com/tamagui/tamagui/issues/4029 github.com: https://github.com/tamagui/tamagui/commit/e46af9879b7627934ea4d6d6e46e65cea53abb3d github.com: https://github.com/tamagui/tamagui/releases/tag/v2.3.1 github.com: https://github.com/tamagui/tamagui/
Credits
๐ wjm1 (VulDB User)