A vulnerability was found in cerebrate up to 1.36 . It has been declared as critical . This vulnerability affects the function Add . The manipulation of the argument params results in dynamically-determined object attributes. This vulnerability is reported as CVE-2026-53901 . The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.