PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-52746 jsonata-js CVE debrief

A denial of service vulnerability exists in JSONata prior to version 2.2.0. The issue arises from the $toMillis function's ISO-8601 validation regex, which can cause superlinear backtracking when processing malicious non-matching inputs. This can lead to a denial of service in applications that evaluate user-provided JSONata expressions. The vulnerability is addressed in JSONata version 2.2.0. Affected systems and components include those using JSONata for JSON query and transformation. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity.

Vendor
jsonata-js
Product
jsonata
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Developers and administrators using JSONata in their applications should be aware of this vulnerability and take steps to mitigate it. This includes updating to version 2.2.0 or later and ensuring that user-provided JSONata expressions are properly validated and sanitized. Operators and security teams responsible for managing and securing systems that utilize JSONata should also be aware of the potential impact and take necessary precautions.

Technical summary

The $toMillis function in JSONata prior to version 2.2.0 contains a vulnerability that can cause a denial of service. The function's ISO-8601 validation regex is susceptible to superlinear backtracking when processing malicious non-matching inputs. This can lead to a denial of service in applications that evaluate user-provided JSONata expressions. The issue is addressed in JSONata version 2.2.0. Affected systems include those using JSONata for JSON query and transformation, particularly in applications that evaluate user-provided JSONata expressions. Developers should verify the affected scope and ensure proper validation and sanitization of user-provided JSONata expressions.

Defensive priority

High Priority: Immediate action recommended to update JSONata to version 2.2.0 or later and implement additional security measures to prevent exploitation. This includes validating and sanitizing user-provided JSONata expressions, monitoring applications for potential denial of service attacks, and reviewing compensating controls for exposed systems while remediation is scheduled and verified. Asset inventory and vulnerability management teams should also review the affected scope and prioritize remediation efforts accordingly. Rolling back change windows and tracking exceptions are also recommended to ensure the security of affected systems. Source tracking and monitoring can help identify potential security incidents related to this vulnerability. Compensating controls, such as additional monitoring and detection, should be reviewed and implemented if necessary. The vulnerability's high severity and potential impact on affected systems warrant immediate attention and action from developers, administrators, and security teams. The priority level is High, indicating a high level of urgency for remediation and mitigation efforts. The recommended actions are vendor patch guidance, exposure review, compensating controls, monitoring, asset inventory, rollback/change windows, and source tracking. These actions should be taken in accordance with standard security practices and change control procedures to minimize potential disruptions and ensure the security of affected systems. The vulnerability's impact on operational security and potential for denial of service attacks emphasizes the need for prompt action and thorough mitigation strategies. By prioritizing remediation and implementing recommended security measures, organizations can minimize the risk associated with this vulnerability and protect their systems from potential exploitation. The defensive priority level reflects the need for immediate attention and action to prevent potential security incidents and minimize the impact of this vulnerability on affected systems. The recommended actions and security measures are designed to help organizations effectively manage the risk associated with this high-sever.

Recommended defensive actions

  • Update JSONata to version 2.2.0 or later
  • Validate and sanitize user-provided JSONata expressions
  • Monitor applications for potential denial of service attacks
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-17T19:17:16.500Z and has not been modified since then. The NVD entry is currently 7.5 HIGH. Limited information is available about the vulnerability's impact and affected systems. The vulnerability affects JSONata versions prior to 2.2.0. Developers should verify the affected scope and ensure proper validation and sanitization of user-provided JSONata expressions.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T19:17:16.500Z and has not been modified since then.