A vulnerability was found in kofrasa mingo up to 7.2.1. It has been declared as critical. This impacts the function update/updateOne/updateMany of the component Update API. Executing a manipulation of the argument Set can lead to improperly controlled modification of object prototype attributes.

The identification of this vulnerability is CVE-2026-15698. The attack may be launched remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.