A vulnerability was found in spencermountain compromise up to 14.15.1. It has been rated as critical. Affected is the function
nlp.extend of the file src/API/extend.js of the component Public Root API. The manipulation of the argument plugin leads to improperly controlled modification of object prototype attributes.
This vulnerability is referenced as CVE-2026-15699. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
Applying a patch is the recommended action to fix this issue.
The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.