A vulnerability has been found in CartoDB carto-api-client 0.5.29. This impacts the function addFilter of the file src/filters.ts. Such manipulation of the argument column leads to improperly controlled modification of object prototype attributes. The attack can be executed remotely. The project was informed of the problem early through an issue report but has not responded yet.
History

Sat, 18 Jul 2026 20:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in CartoDB carto-api-client 0.5.29. This impacts the function addFilter of the file src/filters.ts. Such manipulation of the argument column leads to improperly controlled modification of object prototype attributes. The attack can be executed remotely. The project was informed of the problem early through an issue report but has not responded yet.
Title CartoDB carto-api-client filters.ts addFilter prototype pollution
First Time appeared Cartodb
Cartodb carto-api-client
Weaknesses CWE-1321
CWE-94
CPEs cpe:2.3:a:cartodb:carto-api-client:*:*:*:*:*:*:*:*
Vendors & Products Cartodb
Cartodb carto-api-client
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-07-18T19:45:08.449Z

Updated: 2026-07-18T19:45:08.449Z

Reserved: 2026-07-17T19:30:24.070Z

Link: CVE-2026-16151

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.