CVE-2026-32285

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions versions prior to 2026

Description The Delete function does not correctly validate offsets when processing malformed JSON input. This can result in a negative slice index and a runtime panic, potentially leading to a denial of service attack.

Recommendations Ensure proper validation of offsets when processing JSON input for the Delete function.

Exploit

Fix

DoS

RCE

Out of bounds Read

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-125CWE-129

Related Identifiers

BDU:2026-04782

CLEANSTART-2026-AP92343

CLEANSTART-2026-AQ65185

CLEANSTART-2026-BG69533

CLEANSTART-2026-DA99134

CLEANSTART-2026-DM19620

CLEANSTART-2026-DO31246

CLEANSTART-2026-FH54780

CLEANSTART-2026-HQ88036

CLEANSTART-2026-JY63371

CLEANSTART-2026-PM81907

CLEANSTART-2026-PY36202

CLEANSTART-2026-WA14162

CLEANSTART-2026-WA84208

CVE-2026-32285

GHSA-6G7G-W4F8-9C9X

GO-2026-4514

OPENSUSE-SU-2026:10731-1

RHSA-2026:7191

SUSE-SU-2026:1135-1

Affected Products

Grafana Alloy

Red Hat Advanced Cluster Management For Kubernetes

Red Hat Openshift Container Platform

Red Hat Openshift Distributed Tracing

Red Hat Openstack Platform

Github.Com/Buger/Jsonparser

Golang-Github-Buger-Jsonparser

Govulncheck-Vulndb

Jsonparser

Mcphost

Prometheus

Rootio-Github.Com/Buger/Jsonparser

Tempo

Tempo-Fips

Terragrunt-Fips

CVE-2026-32285

Weakness Enumeration

Related Identifiers

Affected Products

References · 293