A vulnerability classified as problematic has been found in FasterXML jackson-databind up to 2.18.8/2.21.4/3.1.3. It affects the function BeanDeserializerBase.createContextual. The manipulation results in improperly controlled modification of dynamically-determined object attributes. The vulnerability is identified as CVE-2026-54515. The attack can be initiated remotely. No exploit is available. Upgrading the affected component is recommended.