Infinite loop in kaml - CVE-2021-39194

 


Published: February 18, 2026


Vulnerability identifier: #VU123005
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-39194
CWE-ID: CWE-835
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: charleskorn
Affected software:
kaml

Detailed vulnerability description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop in kaml's YAML parser. A remote attacker can supply crafted YAML input to an application that parses untrusted input with kaml and cause the parser to loop endlessly, consuming CPU until the process is starved of resources, which results in a denial of service.
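Because this is a CPU-bound infinite loop, the only real fix is the vendor update. Until the update is deployed, an application that parses YAML from untrusted sources can at least bound the damage per request. The wrapper below is an added example for this advisory, not code from the kaml project; the `Config` data class, the 64 KiB size cap and the 500 ms parse budget are assumptions chosen for illustration. It caps the input size and runs the kaml parse on a daemon worker thread with a timeout, so a stuck parse fails the request instead of hanging the caller.

```kotlin
// Added example: defensive wrapper around kaml for untrusted YAML input.
// Not code from the kaml project. Config, MAX_YAML_BYTES and PARSE_TIMEOUT_MS
// are assumed values for illustration.
import com.charleskorn.kaml.Yaml
import kotlinx.serialization.Serializable
import java.util.concurrent.ExecutionException
import java.util.concurrent.Executors
import java.util.concurrent.TimeUnit
import java.util.concurrent.TimeoutException

@Serializable
data class Config(val name: String, val replicas: Int)

private const val MAX_YAML_BYTES = 64 * 1024   // assumed cap for one request body
private const val PARSE_TIMEOUT_MS = 500L      // assumed per-parse time budget

// Daemon threads so a parser stuck in an infinite loop cannot block JVM shutdown.
// Caveat: a thread abandoned after a timeout keeps burning a core until the
// process exits, so this bounds request latency, not CPU. Upgrading kaml is the fix.
private val parserPool = Executors.newCachedThreadPool { r ->
    Thread(r, "yaml-parser").apply { isDaemon = true }
}

sealed class ParseResult {
    data class Ok(val config: Config) : ParseResult()
    data class Rejected(val reason: String) : ParseResult()
}

fun parseUntrustedConfig(yamlText: String): ParseResult {
    // First line of defence: refuse oversized documents before touching the parser.
    val bytes = yamlText.toByteArray(Charsets.UTF_8).size
    if (bytes > MAX_YAML_BYTES) {
        return ParseResult.Rejected("input is $bytes bytes, limit is $MAX_YAML_BYTES")
    }

    // Second line of defence: parse off the caller's thread under a time budget.
    val future = parserPool.submit<Config> {
        Yaml.default.decodeFromString(Config.serializer(), yamlText)
    }
    return try {
        ParseResult.Ok(future.get(PARSE_TIMEOUT_MS, TimeUnit.MILLISECONDS))
    } catch (e: TimeoutException) {
        future.cancel(true)  // interruption is best-effort; a tight loop may ignore it
        ParseResult.Rejected("parse exceeded ${PARSE_TIMEOUT_MS}ms budget")
    } catch (e: ExecutionException) {
        // Malformed YAML or a type mismatch surfaces here from kaml's own exceptions.
        ParseResult.Rejected("invalid YAML: ${e.cause?.message}")
    }
}

fun main() {
    // Constructed sample input: well-formed, parses normally within the budget.
    val sample = """
        name: web
        replicas: 3
    """.trimIndent()
    println(parseUntrustedConfig(sample))
}
```

The sample input is deliberately benign; this advisory does not describe the input that triggers the loop, and no triggering document is reproduced here. In production, log every `Rejected` result with the source of the request, since repeated timeouts from one client are the observable signature of this class of attack.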


How to mitigate CVE-2021-39194

Install updates from the vendor's website. Applications that parse YAML from untrusted sources should be prioritized, since they are the ones a remote attacker can reach with crafted input.

Sources