HIGH
harttle
CVE published 2026-05-09
CVE-2026-41311
CVE-2026-41311 is a denial-of-service vulnerability in LiquidJS. A circular {% layout %}/{% block %} reference can trigger an infinite recursive loop, consuming available memory and crashing the Node.js process. The issue is fixed in LiquidJS 10.25.7, and teams that accept untrusted Liquid templates should prioritize upgrading and adding template validation controls.