Is Stack Overflow affected by CVE-2026-27942?

A denial-of-service vulnerability in fast-xml-parser versions prior to 5.3.8 can cause application crashes when the XML builder feature is used with specific configuration settings.

CVE-2026-27942

HIGH

2026-02-26 [email protected]

GHSA-fj3w-jwp8-x2g3

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

Patch Released

Mar 02, 2026 - 14:54 nvd

Patch available

CVE Published

Feb 26, 2026 - 02:16 nvd

HIGH 7.5

Description

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with `preserveOrder:true`. Version 5.3.8 fixes the issue. As a workaround, use XML builder with `preserveOrder:false` or check the input data before passing to builder.

Analysis

Stack overflow denial of service in fast-xml-parser versions prior to 5.3.8 occurs when the XML builder is used with the preserveOrder option enabled, causing the application to crash. An attacker can trigger this vulnerability remotely by sending specially crafted XML input, resulting in service unavailability for applications using the affected library. …

Remediation

Within 24 hours: Identify all applications and services using fast-xml-parser and document current versions in use. Within 7 days: Upgrade fast-xml-parser to version 5.3.8 or later across all development, staging, and production environments, and conduct testing to validate functionality. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

Vendor Status

CVE-2026-27942 vulnerability details – vuln.today

Back

CVE-2026-27942

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Share

CVE-2026-27942

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Share

External POC / Exploit Code