CVE-2026-24006

HIGH
2026-01-22 [email protected] GHSA-3j22-8qj3-26mx
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Patch Released
Apr 06, 2026 - 13:51 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 22, 2026 - 03:15 nvd
HIGH 7.5

Tags

Deserialization Denial Of Service Redhat Suse

Description

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a `depthLimit` parameter in serialization/deserialization methods. An error will be thrown if the depth limit is reached.

Analysis

Seroval versions 1.4.0 and below are vulnerable to denial of service attacks due to unbounded recursion when serializing deeply nested objects, allowing remote attackers to crash applications by exceeding the call stack limit. The vulnerability affects the deserialization library's handling of complex data structures without depth validation. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0

Vendor Status

Share

CVE-2026-24006 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy