CVE-2026-24006

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Seroval versions 1.4.0 and below

Description Seroval allows JavaScript value stringification, including complex structures beyond the capabilities of JSON.stringify. In versions 1.4.0 and below, serializing objects with significant depth can cause a maximum call stack limit error. Version 1.4.1 introduces a depthLimit parameter in serialization/deserialization methods, which throws an error if the depth limit is exceeded.

Recommendations Update to version 1.4.1 or later.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

CVE-2026-24006

GHSA-3J22-8QJ3-26MX

Affected Products

Seroval

CVE-2026-24006

Weakness Enumeration

Related Identifiers

Affected Products

References · 12