MEDIUM
ipld
CVE published 2026-05-27
CVE-2026-42328
CVE-2026-42328 is a stack exhaustion vulnerability in go-ipld-prime, a Go implementation of the InterPlanetary Linked Data (IPLD) specification. The DAG-CBOR and DAG-JSON decoders in versions prior to 0.23.0 recursively process nested maps and lists without enforcing a depth limit. A maliciously crafted payload with deeply nested collections causes unbounded stack growth, leading to a fatal stack overflow [truncated]