PatchSiren

Faraday Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH | Faraday Project CVE | published 2026-06-24

CVE-2026-54297

CVE-2026-54297 is a HIGH-severity vulnerability in Faraday, an HTTP client library abstraction layer. It allows denial of service through a deeply nested Ruby Hash structure: Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nesting depth. A crafted query string causes Faraday to build a deep [truncated]