A vulnerability described as critical has been identified in CartoDB carto-api-client 0.5.29. This impacts the function addFilter of the file src/filters.ts. Such manipulation of the argument column leads to improperly controlled modification of object prototype attributes.

This vulnerability is documented as CVE-2026-16151. The attack can be executed remotely. There is not any exploit available.

The project was informed of the problem early through an issue report but has not responded yet.