CVE-2026-54756

CVE-2026-54756

Published Jul 1, 2026·Updated Jul 1, 2026

Description

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configure(options) — and the internal ConfigMerge / ConfigProto helpers — merged user-supplied options into the editor configuration without filtering prototype-mutating keys, potentially causing a Prototype Pollution vulnerability. A payload nested under an existing plain-object option such as controls could reach and mutate Object.prototype. Applications that pass user-controlled or partially user-controlled configuration into Jodit.configure() may be vulnerable. This issue was fixed in version 4.12.18.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free