A vulnerability classified as critical has been found in apostrophecms apostrophe up to 4.30.0 . Affected by this issue is the function apos.util.set of the component REST API Endpoint . This manipulation of the argument pullAll causes improperly controlled modification of object prototype attributes. The identification of this vulnerability is CVE-2026-53609 . It is possible to initiate the attack remotely. There is no exploit available.