PT-2026-40906 · Apache · Apache Commons
Erichen
+1
·
Published
2026-05-14
·
Updated
2026-06-26
·
CVE-2026-45205
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Apache Commons versions 2.2 through 2.14.x
Description
An uncontrolled recursion issue exists when processing untrusted configuration files. Specifically, the software throws a StackOverflowError—a runtime error that occurs when the call stack exceeds its allocated memory—when handling YAML input containing cycles.
Recommendations
Upgrade to version 2.15.0.
Exploit
Fix
Uncontrolled Recursion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Commons