CVE-2026-50193
ADVISORY - githubSummary
Impact
Potential Denial-of-Service when attacker sends deeply nested JSON if (and only if) service:
- Reads deeply nested (1000s of levels) JSON as
JsonNode(ObjectMapper.readTree()) - Writes out same (or modifided) node using
JsonNode.toString()
which can consume significant amount of resources with concurrent relatively small requests (1000 nested arrays is 2kB).
Patches
Fixed in 2.14.0 via https://github.com/FasterXML/jackson-databind/issues/3447.
Workarounds
Avoid serializing JsonNode using toString(): use ObjectMapper.writeValueAsString(node)
EPSS Score: 0.00616 (0.454)
Common Weakness Enumeration (CWE)
ADVISORY - github
Uncontrolled Resource Consumption
GitHub
CREATED
UPDATED
ADVISORY IDGHSA-3wrr-7qpf-2prh
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.3mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2026-50193
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-50193
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.5mediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-cv7f-798c-9wgp
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-3j38-9539-qrfj
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-5r7g-r7q7-789q
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-6699-hhrg-jf82
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-7p9h-w2wh-fvp3
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-pj4j-356x-xwvr
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-q5p4-23fw-7f2x
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-r9rw-96q8-jr7c
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-rgh7-68c6-235x
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-v8vf-c2vg-ccr9
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-