CVE-2026-12209

5.3 MEDIUM

A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10

Published: 2026-06-15 · Last updated: 2026-06-15

Severity and scoring

CVSS: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE: CWE-1321, CWE-94

Description

A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-12209
[Other]https://github.com/OriginSecurityX/avalon-filter-rce
[Other]https://vuldb.com/cve/CVE-2026-12209
[Other]https://vuldb.com/submit/832447
[Other]https://vuldb.com/vuln/370851
[Other]https://vuldb.com/vuln/370851/cti

Related CVEs

Same CWE

CVE-2026-12208 — A weakness has been identified in jsonata-js jsonata up to 2.2.0 (5.3 MEDIUM)
CVE-2026-12202 — A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3 (2.4 LOW)
CVE-2026-12176 — A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 (4.3 MEDIUM)
CVE-2026-53609 — ApostropheCMS is an open-source Node.js content management system (9.1 CRITICAL)
CVE-2026-54057 — Kitty is a cross-platform GPU based terminal