PT-2026-53915 · Unknown · Openapi.Net
Published: 2026-06-30 · Updated: 2026-06-30 · CVE-2026-49451
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
OpenAPI.NET versions 2.0.0-preview11 through 2.7.4
OpenAPI.NET versions 3.0.0 through 3.5.3
Description
An issue in the parsing of OpenAPI documents can lead to process termination due to a stack overflow when a document contains a circular schema reference. This occurs when the software attempts to resolve references that point back to each other, creating an infinite loop. The problem affects both JSON and YAML reader paths through public OpenAPI.NET reader APIs. Applications, CLIs, developer tools, or services that parse untrusted OpenAPI documents in-process are susceptible to this availability impact.
Recommendations
Update OpenAPI.NET versions 2.0.0-preview11 through 2.7.4 to version 2.7.5.
Update OpenAPI.NET versions 3.0.0 through 3.5.3 to version 3.5.4.
Run the parsing of OpenAPI documents from untrusted sources in an isolated process to reduce the impact of parser failures.
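One way to apply the isolation recommendation, as an added C# example that is not code from this advisory or from the OpenAPI.NET project: the parent runs a separate worker process and treats an abnormal exit as a failed parse. The worker executable, its exit-code contract (0 = parsed, 1 = rejected) and the names `IsolatedOpenApiParse` and `ParseOutcome` are assumptions made for illustration.

```csharp
using System;
using System.Diagnostics;
using System.Threading;
using System.Threading.Tasks;

public enum ParseOutcome { Parsed, Rejected, WorkerCrashed, TimedOut }

public static class IsolatedOpenApiParse
{
    // workerPath is a hypothetical console app that references OpenAPI.NET,
    // parses the file named in its first argument, and exits 0 when the
    // document loads or 1 when the reader reports errors (assumed contract).
    public static async Task<ParseOutcome> RunAsync(string workerPath, string documentPath, TimeSpan timeout)
    {
        var psi = new ProcessStartInfo(workerPath)
        {
            UseShellExecute = false,
            RedirectStandardOutput = true,
            RedirectStandardError = true,
        };
        psi.ArgumentList.Add(documentPath); // passed as one argument, no shell parsing
        using var worker = Process.Start(psi) ?? throw new InvalidOperationException("worker did not start");

        // Drain both pipes so the worker cannot block on a full buffer.
        Task<string> stdout = worker.StandardOutput.ReadToEndAsync();
        Task<string> stderr = worker.StandardError.ReadToEndAsync();

        using var deadline = new CancellationTokenSource(timeout);
        try
        {
            await worker.WaitForExitAsync(deadline.Token);
        }
        catch (OperationCanceledException)
        {
            worker.Kill(entireProcessTree: true); // bound parse time as well
            return ParseOutcome.TimedOut;
        }
        await Task.WhenAll(stdout, stderr);

        // A stack overflow cannot be caught in .NET; the runtime terminates the
        // worker, which the parent sees only as an unexpected exit code.
        return worker.ExitCode switch
        {
            0 => ParseOutcome.Parsed,
            1 => ParseOutcome.Rejected,
            _ => ParseOutcome.WorkerCrashed,
        };
    }
}
```

Logging `WorkerCrashed` and `TimedOut` results together with the source of the document gives operations a signal that a submitted document is terminating the parser.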
Exploit
Fix
Uncontrolled Recursion
Affected Products
Openapi.Net