CVE-2026-6594 PUBLISHED

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.

• sudosme (VulDB User) reporter
• VulDB CNA Team coordinator

• VDB-358229 | brikcss merge prototype pollution
• VDB-358229 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #791805 | brikcss @brikcss/merge 1.3.0 Prototype Pollution
• https://github.com/sudo-secure/security-research/blob/main/brikcss-merge/prototype-pollution/PoC.md

• Improperly Controlled Modification of Object Prototype Attributes CWE
• Code Injection CWE