PatchSiren

ncalc CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM ncalc CVE published 2026-07-17

CVE-2026-55254

CVE-2026-55254 is a vulnerability in NCalc, a .NET expression evaluator. The issue permits specially crafted expressions with extremely large factorial operands, causing excessive CPU consumption or a non-terminating loop due to integer overflow in the factorial calculation logic. This occurs when applications evaluate untrusted expressions. The vulnerability is fixed in version 6.1.1. Developers and admi [truncated]