CVE-2026-12209 | RubyLouvre avalon up to 2.2.10 Template Filter src/filters/index.js prototype pollution (EUVD-2026-36683)
A vulnerability was found in RubyLouvre avalon up to 2.2.10 and classified as critical. The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes.
This vulnerability is referenced as CVE-2026-12209. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.