CVE-2026-6594

HIGH 7.3

brikcss merge prototype pollution

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-1321 CWE-94
Vendor	brikcss
Product	merge
Published	Apr 20, 2026

Stay Ahead of the Next One

Get instant alerts for brikcss merge

Be the first to know when new high vulnerabilities affecting brikcss merge are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

brikcss / merge

1.0 1.1 1.2 1.3.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/358229 vuldb.com: https://vuldb.com/vuln/358229/cti vuldb.com: https://vuldb.com/submit/791805 github.com: https://github.com/sudo-secure/security-research/blob/main/brikcss-merge/prototype-pollution/PoC.md

Credits

🔍 sudosme (VulDB User) VulDB CNA Team