CVE-2026-1990

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions oatpp versions up to 1.3.1

Description A security issue has been identified in oatpp. The issue involves a null pointer dereference within the oatpp::data::type::ObjectWrapper::ObjectWrapper() function located in the src/oatpp/data/type/Type.hpp file. Local access is required for exploitation. The details of the issue have been publicly disclosed. The project was notified of the problem but has not yet responded.

Recommendations Versions prior to 1.3.1 should be used. As a temporary workaround, consider avoiding the use of the oatpp::data::type::ObjectWrapper::ObjectWrapper() function until a patch is available.

Exploit

Fix

NULL Pointer Dereference

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-404

Related Identifiers

CVE-2026-1990

Affected Products

Oatpp

CVE-2026-1990

Weakness Enumeration

Related Identifiers

Affected Products

References · 11