CVE-2026-53609 | apostrophecms apostrophe up to 4.30.0 REST API Endpoint apos.util.set pullAll prototype pollution (GHSA-6h5j-32cf-4253)
A vulnerability classified as critical has been found in apostrophecms apostrophe up to 4.30.0. Affected by this issue is the function apos.util.set of the component REST API Endpoint. This manipulation of the argument pullAll causes improperly controlled modification of object prototype attributes.
The identification of this vulnerability is CVE-2026-53609. It is possible to initiate the attack remotely. There is no exploit available.