Description

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from Array.prototype but has a very large length property), the process enters an intensive loop that consumes 100% CPU and hangs indefinitely. This issue has been patched in version 7.0.5.

INFO

Published Date :

2026-03-31T01:48:45.759Z

Last Modified :

2026-03-31T13:55:54.998Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34043 vulnerability.

Vendors Products
Yahoo
  • Serialize
  • Serialize-javascript
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34043.

URL Resource
https://github.com/yahoo/serialize-javascript/commit/f147e90269b58bb6e539cfdf3d0e20d6ad14204b cve-icon cve-icon cve-icon
https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.5 cve-icon cve-icon cve-icon
https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-qj8w-gfj5-8c6v cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-34043 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-34043 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact