PT-2026-40906 · Apache · Apache Commons

Erichen

+1

·

Published

2026-05-14

·

Updated

2026-06-26

·

CVE-2026-45205

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Apache Commons versions 2.2 through 2.14.x
Description An uncontrolled recursion issue exists when processing untrusted configuration files. Specifically, the software throws a StackOverflowError—a runtime error that occurs when the call stack exceeds its allocated memory—when handling YAML input containing cycles.
Recommendations Upgrade to version 2.15.0.

Exploit

Fix

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-45205
GHSA-337M-MW94-2V6G
OPENSUSE-SU-2026:10784-1
OPENSUSE-SU-2026:20841-1
SUSE-SU-2026:21996-1
SUSE-SU-2026:2642-1

Affected Products

Apache Commons