Description

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with `preserveOrder:true`. Version 5.3.8 fixes the issue. As a workaround, use XML builder with `preserveOrder:false` or check the input data before passing to builder.

INFO

Published Date :

2026-02-26T01:22:11.383Z

Last Modified :

2026-02-26T15:49:35.449Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-27942 vulnerability.

Vendors Products
Naturalintelligence
  • Fast-xml-parser
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27942.

URL Resource
https://github.com/NaturalIntelligence/fast-xml-parser/commit/c13a961910f14986295dd28484eee830fa1a0e8a cve-icon cve-icon cve-icon
https://github.com/NaturalIntelligence/fast-xml-parser/pull/791 cve-icon cve-icon cve-icon
https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-fj3w-jwp8-x2g3 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-27942 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-27942 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact