A vulnerability, which was classified as problematic , has been found in FasterXML jackson-databind up to 2.21.3/3.1.3 . This vulnerability affects the function SetterlessProperty.isMerging . Performing a manipulation results in incorrect authorization. This vulnerability is identified as CVE-2026-54517 . The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.