#VU123005 Infinite loop in kaml - CVE-2021-39194

 


Published: February 18, 2026


Vulnerability identifier: #VU123005
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-39194
CWE-ID: CWE-835
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: kaml
Software vendor: charleskorn

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop. A remote user can provide arbitrary YAML input to an application that uses kaml, causing the application to loop endlessly while parsing the input, which leads to resource starvation and denial of service.


Remediation

Install updates from the vendor's website.

External links