A vulnerability classified as critical was found in tmlmobilidade Gestor de Oferta up to 20260509.0340.14. This affects the function setValueAtPath of the file packages/utils/src/generic/value-at-path.ts of the component Utils. Such manipulation leads to improperly controlled modification of object prototype attributes.

This vulnerability is listed as CVE-2026-45325. The attack may be performed from remote. There is no available exploit.