PatchSiren

CartoDB CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM CartoDB CVE published 2026-07-18

CVE-2026-16151

A vulnerability was found in CartoDB carto-api-client version 0.5.29. The issue affects the addFilter function in the src/filters.ts file. Manipulation of the column argument leads to improperly controlled modification of object prototype attributes. The attack can be executed remotely. The project was informed early through an issue report but has not responded yet. This vulnerability has a CVSS score of [truncated]