CVE-2026-2964 | higuma web-audio-recorder-js 0.1/0.1.1 Dynamic Config Handling lib/WebAudioRecorder.js extend prototype pollution

A vulnerability was found in higuma web-audio-recorder-js 0.1/0.1.1 and classified as problematic. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes.

This vulnerability is referenced as CVE-2026-2964. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2964 | higuma web-audio-recorder-js 0.1/0.1.1 Dynamic Config Handling lib/WebAudioRecorder.js extend prototype pollution

Post correlati

CVE-2025-57156 | owntone-server up to 28.12 src/httpd_dacp.c dacp_reply_playqueueedit_clear null pointer dereference (Issue 1907)

CVE-2024-10937 | PickPlugins Related Posts, Inline Related Posts, Contextual Related Posts, Related Content Plugin information disclosure

CVE-2025-66370 | Kivitendo up to 3.9.1 ZUGFeRD xml external entity reference

CVE-2023-42900 | Apple macOS up to 14.1 App access control (HT214036)