CVE-2026-15702

Source
https://cve.org/CVERecord?id=CVE-2026-15702
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-15702.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-15702
Published
2026-07-14T16:45:09.501Z
Modified
2026-07-17T03:42:02.713913007Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
tamagui config.ts updateConfig prototype pollution
Details

A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modification of object prototype attributes. The attack may be performed from remote. Upgrading to version 2.3.1 is able to mitigate this issue. The name of the patch is e46af9879b7627934ea4d6d6e46e65cea53abb3d. The affected component should be upgraded.

Database specific
{
    "cwe_ids": [
        "CWE-1321",
        "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/15xxx/CVE-2026-15702.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/tamagui/tamagui

Affected ranges

Type
GIT
Repo
https://github.com/tamagui/tamagui
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "2.0"
        },
        {
            "last_affected": "2.0"
        },
        {
            "introduced": "2.1"
        },
        {
            "last_affected": "2.1"
        },
        {
            "introduced": "2.2"
        },
        {
            "last_affected": "2.2"
        },
        {
            "introduced": "2.3.0"
        },
        {
            "last_affected": "2.3.0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

2.*
2.0
2.1
2.2
2.3.0
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-15702.json"