CVE-2026-2641

Name of the Vulnerable Software and Affected Versions universal-ctags versions up to 6.2.1

Description A flaw exists in the V Language Parser component of universal-ctags. Specifically, the parseExpression/parseExprList functions within the parsers/v.c file are susceptible to uncontrolled recursion. This can be triggered through manipulation and is exploitable on a local host. The exploit code has been publicly released. The project maintainers were notified of the issue but have not yet responded.

Recommendations Versions prior to 6.2.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.