PT-2026-53915 · Unknown · Openapi.Net

Published: 2026-06-30 · Updated: 2026-06-30 · CVE-2026-49451

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

OpenAPI.NET versions 2.0.0-preview11 through 2.7.4
OpenAPI.NET versions 3.0.0 through 3.5.3

Description

An issue in the parsing of OpenAPI documents can lead to process termination due to a stack overflow when a document contains a circular schema reference. This occurs when the software attempts to resolve references that point back to each other, creating an infinite loop. The problem affects both JSON and YAML reader paths through public OpenAPI.NET reader APIs. Applications, CLIs, developer tools, or services that parse untrusted OpenAPI documents in-process are susceptible to this availability impact.

Recommendations

Update OpenAPI.NET versions 2.0.0-preview11 through 2.7.4 to version 2.7.5.
Update OpenAPI.NET versions 3.0.0 through 3.5.3 to version 3.5.4.
Run the parsing of OpenAPI documents from untrusted sources in an isolated process to reduce the impact of parser failures.
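
A pre-screen for the circular-reference case described above, written as an added example; it is not code from OpenAPI.NET or from this advisory. It assumes JSON input with local `#/components/schemas/` references and assumes the circular shape is a chain of schemas that only alias one another; the function names and the sample document are constructed.

```python
import json

PREFIX = "#/components/schemas/"

# Constructed sample: A and B are pure aliases of each other. Node is an
# ordinary recursive schema (a tree), which is legitimate and is not flagged.
SAMPLE = json.dumps({
    "openapi": "3.0.3",
    "info": {"title": "constructed sample", "version": "1"},
    "paths": {},
    "components": {"schemas": {
        "A": {"$ref": "#/components/schemas/B"},
        "B": {"$ref": "#/components/schemas/A"},
        "Alias": {"$ref": "#/components/schemas/Node"},
        "Node": {"type": "object", "properties": {
            "children": {"type": "array",
                         "items": {"$ref": "#/components/schemas/Node"}}}},
    }},
})

def alias_target(schema):
    """Name of the component a schema aliases via a top-level $ref, else None."""
    ref = schema.get("$ref") if isinstance(schema, dict) else None
    if not isinstance(ref, str) or not ref.startswith(PREFIX):
        return None
    # Undo JSON Pointer escaping (RFC 6901): ~1 is "/", ~0 is "~".
    return ref[len(PREFIX):].replace("~1", "/").replace("~0", "~")

def find_alias_cycles(doc_text):
    """Return each alias cycle as a list of schema names (iterative walk)."""
    doc = json.loads(doc_text)
    components = doc.get("components") if isinstance(doc, dict) else None
    schemas = components.get("schemas") if isinstance(components, dict) else None
    if not isinstance(schemas, dict):
        return []
    cleared, cycles = set(), []
    for start in schemas:
        path, name = [], start
        # Follow the alias chain with a loop, never with recursion.
        while name in schemas and name not in cleared and name not in path:
            path.append(name)
            name = alias_target(schemas[name])
        if name in path:  # the chain walked back onto itself
            cycles.append(path[path.index(name):])
        cleared.update(path)
    return cycles

def safe_to_parse(doc_text):
    """Gate for untrusted documents: False means reject before the real parser."""
    return not find_alias_cycles(doc_text)
```

A gate like this runs before the document reaches the reader API and covers only the alias-cycle shape in JSON input. It complements the fixed versions and process isolation listed under Recommendations rather than replacing them.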

Exploit

Fix

Uncontrolled Recursion

Weakness Enumeration

Related Identifiers

CVE-2026-49451
GHSA-V5PM-XWQC-G5WC

Affected Products

Openapi.Net