CVE-2026-54898

Name of the Vulnerable Software and Affected Versions oj gem (affected versions not specified)

Description A heap use-after-free occurs in Oj::Parser#parse when a SAJ/SAJ2 callback mutates the input JSON string during the parsing process. The C engine maintains a raw pointer to the Ruby string's internal buffer. If a callback, such as hash start(), resizes the string (for example, via String#replace), Ruby reallocates the buffer and frees the original memory. This leaves the C parser with a dangling pointer, leading to a use-after-free when the next character is read.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.