CVE-2026-45205

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/05/2026
Last modified:
15/05/2026

Description

Uncontrolled Recursion vulnerability in Apache Commons.<br /> <br /> When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles.<br /> This issue affects Apache Commons: from 2.2 before 2.15.0.<br /> <br /> Users are recommended to upgrade to version 2.15.0, which fixes the issue.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:commons_configuration:*:*:*:*:*:*:*:* 2.2 (including) 2.15.0 (excluding)