A vulnerability categorized as critical has been discovered in enquirer up to 2.4.1. Affected is the function
Enquirer.set of the component Public Package API. The manipulation of the argument question.name results in improperly controlled modification of object prototype attributes.
This vulnerability is reported as CVE-2026-15187. The attack can be launched remotely. Moreover, an exploit is present.
The project was informed of the problem early through an issue report.