CVE-2026-32141 – flatted: Unbounded recursion DoS in parse() revive phase

CVE ID :CVE-2026-32141

Published : March 12, 2026, 6:08 p.m. | 18 minutes ago

Description :flatted is a circular JSON parser. Prior to 3.4.0, flatted’s parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. This vulnerability is fixed in 3.4.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

نوشته های مشابه

CVE-2026-32100 – swag/platform-security: `/api/_info/config` route exposes information about licenses and active security fixes

CVE-2026-32140 – Dataease: Redshift JDBC RCE Bypass

CVE-2025-13462 – tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

CVE-2026-32139 – Dataease: Unfiltered active SVG content leads to Stored XSS