A vulnerability was found in apidevtools json-schema-ref-parser up to 15.3.5 and classified as critical. This impacts the function
Refs.set/Pointer.set in the library lib/pointer.ts. Executing a manipulation can lead to improperly controlled modification of object prototype attributes.
This vulnerability is tracked as CVE-2026-15195. The attack can be launched remotely. Moreover, an exploit is present.
It is suggested to upgrade the affected component.