A vulnerability was found in FasterXML jackson-databind up to 2.21.3/3.1.3 . It has been declared as critical . Impacted is the function UnwrappedPropertyHandler.processUnwrappedCreatorProperties . The manipulation results in incorrect authorization. This vulnerability is reported as CVE-2026-54518 . The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.