CVE-2026-1774 | CASL Ability up to 6.7.4 Extra rulesToFields prototype pollution

Inserito da Angelo Barbosa | Feb 10, 2026 | CVE

A vulnerability classified as critical has been found in CASL Ability up to 6.7.4. The affected element is the function rulesToFields of the component Extra Module. The manipulation leads to improperly controlled modification of object prototype attributes.

This vulnerability is uniquely identified as CVE-2026-1774. The attack is possible to be carried out remotely. No exploit exists.

It is recommended to upgrade the affected component.

CVE-2026-1774 | CASL Ability up to 6.7.4 Extra rulesToFields prototype pollution

Post correlati

CVE-2023-49551 | Cesanta MJS 2.20.0 msj.c mjs_op_json_parse denial of service (Issue 257)

CVE-2025-5650 | 1000projects Online Notice Board 1.0 /register.php fname sql injection

CVE-2024-37147 | glpi-project glpi up to 10.0.15 access control (GHSA-f2cg-fc85-ffmh)

CVE-2023-50838 | Basix NEX-Forms Plugin up to 8.5.5 on WordPress sql injection