Jackson Core

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-29062 HIGH PATCH This Week

Jackson Core versions 3.0.0 through 3.0.x fail to enforce maximum nesting depth limits in UTF8DataInputJsonParser and ReaderBasedJsonParser, allowing attackers to craft deeply nested JSON documents that trigger StackOverflowError and crash the application. This denial of service vulnerability affects any Java application using the vulnerable Jackson Core versions to parse untrusted JSON input. A patch is available in version 3.1.0.

Java Denial Of Service Jackson Core

NVD GitHub

CVSS 3.1

7.5

EPSS

0.1%

CVE-2026-29062

EPSS 0% CVSS 7.5

HIGH PATCH This Week

Jackson Core versions 3.0.0 through 3.0.x fail to enforce maximum nesting depth limits in UTF8DataInputJsonParser and ReaderBasedJsonParser, allowing attackers to craft deeply nested JSON documents that trigger StackOverflowError and crash the application. This denial of service vulnerability affects any Java application using the vulnerable Jackson Core versions to parse untrusted JSON input. A patch is available in version 3.1.0.

Java Denial Of Service Jackson Core

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy