Python
CVE-2026-32874
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (https://github.com/ultrajson/ultrajson).
CVSS VectorVendor: https://github.com/ultrajson/ultrajson
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Blast Radius
ecosystem impact- 26 pypi packages depend on ujson (22 direct, 4 indirect)
Ecosystem-wide dependent count for version 5.4.0.
DescriptionCVE.org
Summary
ujson 5.4.0 to 5.11.0 inclusive contain an accumulating memory leak in JSON parsing _large_ (outside of the range [-2^63, 2^64 - 1]) integers.
Exploitability
Any service that calls ujson.load()/ujson.loads()/ujson.decode() on untrusted inputs is affected and vulnerable to denial of service attacks.
Details
The leaked memory is a copy of the string form of the integer plus an additional NULL byte. The leak occurs irrespective of whether the integer parses successfully or is rejected due to having more than sys.get_int_max_str_digits() digits, meaning that any sized leak per malicious JSON can be achieved provided that there is no limit on the overall size of the payload.
ujson.loads(str(2 ** 64 - 1))
# No leak
ujson.loads(str(2 ** 64))
# Leaks
ujson.loads(str(10 ** sys.get_int_max_str_digits()))
# Leaks and raises ValueErrorFix
The leak is fixed in ujson 5.12.0 (4baeb950df780092bd3c89fc702a868e99a3a1d2). There are no workarounds beyond upgrading to an unaffected version.
Credits
Discovered by Cameron Criswell/Skevros using Coverage-guided fuzzing (libFuzzer + AddressSanitizer)
AnalysisAI
ujson versions 5.4.0 through 5.11.0 contain a memory leak in JSON parsing of large integers outside the range [-2^63, 2^64 - 1], allowing remote denial of service attacks against services processing untrusted JSON input. An attacker can craft malicious JSON payloads with oversized integers to exhaust memory and crash vulnerable applications. A patch is available.
Technical ContextAI
ujson (ultrajson) is a fast JSON encoder and decoder written in C for Python, distributed via PyPI (pkg:pip/ujson). The vulnerability is classified as CWE-401 (Missing Release of Memory after Effective Lifetime), occurring specifically in the integer parsing routines when handling values outside the signed 64-bit and unsigned 64-bit integer ranges. When ujson.load(), ujson.loads(), or ujson.decode() encounters these large integers, it allocates memory for a string copy of the integer value plus a NULL byte but fails to properly deallocate this memory. The leak occurs regardless of whether the integer is successfully parsed or rejected due to exceeding Python's sys.get_int_max_str_digits() limit, meaning attackers can craft arbitrarily large integers to maximize memory consumption per request without overall payload size constraints.
RemediationAI
Upgrade ujson to version 5.12.0 or later immediately, which contains the fix implemented in commit 4baeb950df780092bd3c89fc702a868e99a3a1d2. The official release is available at https://github.com/ultrajson/ultrajson/releases/tag/5.12.0 and can be installed via pip with 'pip install --upgrade ujson>=5.12.0'. According to the security advisory at https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wgvc-ghv9-3pmm, there are no workarounds available beyond upgrading to an unaffected version. Organizations unable to immediately upgrade should consider implementing application-level controls such as strict input validation to reject JSON payloads containing integers exceeding expected ranges, request rate limiting, and memory consumption monitoring with automatic service restarts to mitigate denial of service impact.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-401 – Memory Leak
View allSame technique Denial Of Service
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-wgvc-ghv9-3pmm