CVE-2026-33210

ADVISORY - github

Summary

Impact

A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents.

This option isn't the default, if you didn't opt-in to use it, you are not impacted.

Patches

Patched in 2.19.2.

Workarounds

The issue can be avoided by not using the allow_duplicate_key: false parsing option.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-134⁠

Use of Externally-Controlled Format String

Impacted images

Advisories

GitHub

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY IDGHSA-3m6g-2423-7cp3⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-134⁠

CVSS SCORE

8.3high