PT-2026-22099 · Unknown · Fast-Xml-Parser

Lowamitgupta · Published 2026-02-26 · Updated 2026-05-18 · CVE-2026-27942

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
fast-xml-parser versions prior to 5.3.8

Description
fast-xml-parser is a tool for XML validation, parsing XML to JavaScript objects, and building XML from JavaScript objects without relying on C/C++ libraries or callbacks. Prior to version 5.3.8, the application is susceptible to a stack overflow when utilizing the XML builder with the preserveOrder option set to true. This can lead to application crashes. As a temporary measure, using the XML builder with preserveOrder set to false or validating input data before passing it to the builder can mitigate the issue.

Recommendations
Update to version 5.3.8 or later. As a temporary workaround, use the XML builder with preserveOrder: false. Validate input data before passing it to the builder.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CLEANSTART-2026-CE10526
CLEANSTART-2026-DV49099
CLEANSTART-2026-GS57401
CLEANSTART-2026-NB51079
CLEANSTART-2026-OW14933
CLEANSTART-2026-SW34937
CVE-2026-27942
GHSA-FJ3W-JWP8-X2G3

Affected Products

Fast-Xml-Parser