PT-2026-55476 · Npm · Jsonata

Published: 2026-07-02 · Updated: 2026-07-02 · CVE-2026-52746

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact

In JSONata versions before 2.2.0, it is possible to craft non-matching inputs to the $toMillis function that cause superlinear backtracking in the ISO-8601 validation regex. This may lead to denial of service in applications that evaluate user-provided JSONata expressions.
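The defensive counterpart to the problem described above is to validate timestamps with a single left-to-right pass instead of a backtracking regex. The following is an added illustration, not JSONata's code; the accepted grammar (YYYY-MM-DD, optional THH:MM[:SS[.fraction]], optional Z or ±HH:MM zone) and the 64-character cap are assumptions chosen for the example.

```javascript
// Linear-time validator for a subset of ISO-8601 timestamps (example code,
// not the JSONata implementation). Accepted shape is an assumption:
//   YYYY-MM-DD[THH:MM[:SS[.digits]]][Z|+HH:MM|-HH:MM]
// Each character is inspected once and no field is optional-width except the
// fraction, which is consumed greedily without retry, so cost stays O(n)
// whatever the input looks like.

function isDigitRun(s, start, len) {
  if (start + len > s.length) return false;
  for (let i = start; i < start + len; i++) {
    const c = s.charCodeAt(i);
    if (c < 48 || c > 57) return false;
  }
  return true;
}

function isIso8601Timestamp(s) {
  if (typeof s !== 'string' || s.length > 64) return false; // hard length cap
  // Date part YYYY-MM-DD: fixed width, so no quantifier can backtrack.
  if (!isDigitRun(s, 0, 4) || s[4] !== '-' || !isDigitRun(s, 5, 2) ||
      s[7] !== '-' || !isDigitRun(s, 8, 2)) return false;
  const month = Number(s.slice(5, 7)), day = Number(s.slice(8, 10));
  if (month < 1 || month > 12 || day < 1 || day > 31) return false;
  let i = 10;
  if (s[i] === 'T') { // optional time part
    if (!isDigitRun(s, i + 1, 2) || s[i + 3] !== ':' || !isDigitRun(s, i + 4, 2)) return false;
    if (Number(s.slice(i + 1, i + 3)) > 23 || Number(s.slice(i + 4, i + 6)) > 59) return false;
    i += 6;
    if (s[i] === ':') { // optional seconds (60 allowed for leap seconds)
      if (!isDigitRun(s, i + 1, 2) || Number(s.slice(i + 1, i + 3)) > 60) return false;
      i += 3;
      if (s[i] === '.') { // optional fraction: at least one digit, consumed once
        const start = ++i;
        while (i < s.length && s.charCodeAt(i) >= 48 && s.charCodeAt(i) <= 57) i++;
        if (i === start) return false;
      }
    }
  }
  if (s[i] === 'Z') { // optional zone designator
    i += 1;
  } else if (s[i] === '+' || s[i] === '-') {
    if (!isDigitRun(s, i + 1, 2) || s[i + 3] !== ':' || !isDigitRun(s, i + 4, 2)) return false;
    i += 6;
  }
  return i === s.length; // anything left over is rejected, never retried
}
```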

Patches

This issue has been addressed in JSONata version 2.2.0 and later via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update as soon as possible to prevent exploitation.

Credit

Thank you to Doruk Tan Öztürk for disclosing this issue.

Tags: Fix · DoS

Related Identifiers

CVE-2026-52746
GHSA-86VW-MFPG-WWV9

Affected Products

Jsonata