Platform: php
Component: lagom-prototype-pollution-poc
Fixed in: 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8
CVE-2026-4239 describes a prototype pollution vulnerability affecting Lagom WHMCS Template versions 2.3.0 through 2.3.7. This flaw allows attackers to manipulate object prototype attributes, potentially leading to unexpected application behavior. A public exploit is available, increasing the risk of exploitation. While the CVSS score is LOW, prompt action is advised to mitigate potential impact.
Prototype pollution occurs when an attacker can inject properties into the prototype of a JavaScript object. In the context of Lagom WHMCS Template, this could allow an attacker to modify the behavior of existing functions or introduce new, malicious functionality. While the immediate impact might be limited, successful exploitation could lead to data corruption, denial of service, or even remote code execution depending on how the application utilizes the polluted prototype. The public availability of an exploit significantly increases the likelihood of exploitation, particularly if the template is widely deployed without immediate patching.
This vulnerability was publicly disclosed on 2026-03-16. The existence of a public proof-of-concept (POC) indicates a relatively low barrier to entry for attackers. The vendor was contacted but did not respond, suggesting a potential lack of active maintenance for the Lagom WHMCS Template. The CVSS score of 3.5 reflects the LOW severity, but the public exploit and lack of vendor response warrant immediate attention.
EPSS: 0.04% (11% percentile)
The primary mitigation for CVE-2026-4239 is to upgrade Lagom WHMCS Template to a version that addresses the vulnerability. As no fixed version is specified, consult the vendor's website or repository for the latest release. If upgrading is not immediately feasible, consider implementing input validation and sanitization to prevent malicious data from reaching the Datatables component. Web application firewalls (WAFs) configured to detect prototype pollution attempts can provide an additional layer of defense. Monitor application logs for unusual object property modifications.
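The input validation mentioned above can be sketched as follows. This is an added example, not code from the Lagom template or the Datatables component: the helper names (`findPollutionKeys`, `safeMerge`, `validateOptions`) are hypothetical, the sample options are constructed, and it assumes untrusted table options arrive as parsed JSON before being merged into a configuration object.

```javascript
// Added example: hypothetical helpers, not Lagom or Datatables code.

// Keys that can reach Object.prototype when copied by a recursive merge.
const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Walk untrusted, already-parsed input and return the path of every dangerous key.
function findPollutionKeys(value, path = '', found = []) {
  if (value === null || typeof value !== 'object') return found;
  for (const key of Object.keys(value)) {
    const here = path ? `${path}.${key}` : key;
    if (DANGEROUS_KEYS.has(key)) {
      found.push(here);
      continue; // do not descend into a rejected branch
    }
    findPollutionKeys(value[key], here, found);
  }
  return found;
}

// Recursive merge that copies own enumerable keys only and skips dangerous ones.
// Arrays and scalars are assigned as-is; only plain objects are merged.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (DANGEROUS_KEYS.has(key)) continue;
    const src = source[key];
    if (src !== null && typeof src === 'object' && !Array.isArray(src)) {
      const dst = Object.prototype.hasOwnProperty.call(target, key) &&
        target[key] !== null && typeof target[key] === 'object'
        ? target[key] : (target[key] = {});
      safeMerge(dst, src);
    } else {
      target[key] = src;
    }
  }
  return target;
}

// Constructed sample input (assumption: options supplied with a request).
const SAMPLE_OPTIONS = JSON.parse(
  '{"pageLength": 25, "language": {"search": "Filter"},' +
  ' "__proto__": {"isAdmin": true},' +
  ' "columns": [{"constructor": {"prototype": {"isAdmin": true}}}]}'
);

// Reject the whole input if any dangerous key is present; otherwise merge onto defaults.
function validateOptions(options) {
  const bad = findPollutionKeys(options);
  if (bad.length > 0) return { ok: false, rejected: bad };
  return { ok: true, options: safeMerge({ pageLength: 10 }, options) };
}
```

The `rejected` paths returned by `validateOptions` are suitable for logging, which supports the monitoring recommendation in the same paragraph.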
Update the Lagom WHMCS Template to a version later than 2.3.7. This will fix the prototype pollution vulnerability in the Datatables component.
CVE-2026-4239 is a LOW severity vulnerability in Lagom WHMCS Template versions 2.3.0–2.3.7 that allows attackers to manipulate object prototype attributes via remote access.
You are affected if you are using Lagom WHMCS Template versions 2.3.0 through 2.3.7 and have not upgraded to a patched version. Check your installation version immediately.
Upgrade Lagom WHMCS Template to the latest available version. Consult the vendor's website or repository for the patched release.
A public proof-of-concept exists, indicating a potential for active exploitation. Prompt patching is recommended to reduce your risk.
Due to lack of vendor response, an official advisory may not be available. Monitor security news sources and community forums for updates.