216.73.217.64

CVE-2025-50537

· Published 26/01/2026 16:15 · Modified 27/01/2026 14:59

Labels: CVE-2025-50537 2026-01-26CVE-2025-50537CWE-674[email protected]

Essential information

Published
26/01/2026 16:15
Modified
27/01/2026 14:59
Author
Creator
CVSS
5.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS metrics

Description

Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. During validation, the internal function checkDuplicateTestCase() is called, which in turn uses the isSerializable() function for serialization checks. When a circular reference object is passed in, isSerializable() enters infinite recursion, ultimately causing a stack overflow.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
eslint / eslint cpe:2.3:a:eslint:eslint:<9.26.0:*:*:*:*:*:*:*

References