Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-59870

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem() to perform a linear duplicate-key scan on every insertion, causing O(n^2) CPU consumption when yaml.load() parses a crafted ordered-map document. This issue is fixed in version 5.2.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 27.9%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2026-59870
  • Nodeca » Js-Yaml » Version: 5.0.0
    cpe:2.3:a:nodeca:js-yaml:5.0.0
  • Nodeca » Js-Yaml » Version: 5.1.0
    cpe:2.3:a:nodeca:js-yaml:5.1.0
  • Nodeca » Js-Yaml » Version: 5.2.0
    cpe:2.3:a:nodeca:js-yaml:5.2.0


Contact Us

Shodan ® - All rights reserved