A vulnerability was found in RubyLouvre avalon up to 2.2.10 and classified as critical . The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler . Such manipulation leads to improperly controlled modification of object prototype attributes. This vulnerability is referenced as CVE-2026-12209 . It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did