A vulnerability classified as problematic was found in FasterXML jackson-databind up to 2.21.3/3.1.3 . This affects the function POJOPropertiesCollector._renameProperties . Such manipulation of the argument backing leads to dynamically-determined object attributes. This vulnerability is referenced as CVE-2026-54516 . It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.