CVE-2026-22880: Insecure Unknown Field Enumeration
Exposing validation error output variables of dynamically requested but locally unmapped fields inside a user-facing translation formatter permits arbitrary iteration and enumeration of internal form schema constraints.
Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0
TS
TSgreprules fetch cve-2026-22880-insecure-unknown-field-enumeration --engine opengrepDescription
Exposing validation error output variables of dynamically requested but locally unmapped fields inside a user-facing translation formatter permits arbitrary iteration and enumeration of internal form schema constraints.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0