Skip to main content

Mojo

1 CVEs product

Monthly

CVE-2026-14803 MEDIUM PATCH This Month

Memory exhaustion via uncontrolled recursion in Mojo::JSON's pure-Perl decoder allows network-accessible callers to cause denial of service in Mojolicious applications. All versions before 9.47 are affected when the pure-Perl decode path is active - specifically when Cpanel::JSON::XS is absent or MOJO_NO_JSON_XS=1 is set. No public exploit has been identified and EPSS sits at 0.19% (8th percentile), but the attack is conceptually trivial given the published patch diff and OSS-Security advisory.

Denial Of Service Mojo
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory exhaustion via uncontrolled recursion in Mojo::JSON's pure-Perl decoder allows network-accessible callers to cause denial of service in Mojolicious applications. All versions before 9.47 are affected when the pure-Perl decode path is active - specifically when Cpanel::JSON::XS is absent or MOJO_NO_JSON_XS=1 is set. No public exploit has been identified and EPSS sits at 0.19% (8th percentile), but the attack is conceptually trivial given the published patch diff and OSS-Security advisory.

Denial Of Service Mojo
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy