CVE-2026-59870 is a vulnerability in js-yaml, a JavaScript YAML parser and dumper. The vulnerability affects versions 5.0.0 to 5.2.0 and causes O(n^2) CPU consumption when parsing crafted ordered-map documents. This issue is fixed in version 5.2.1. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. Developers and administrators should be aware of this vulnerability and take steps to mitigate it.
The CVE record for CVE-2026-59869 was published on 2026-07-08T16:16:33.423Z and has not been modified since then. The NVD entry is currently Awaiting Analysis. This vulnerability affects js-yaml, a JavaScript YAML parser and dumper, and can cause quadratic CPU time parsing issues when a chain of mappings uses merge keys. The vulnerability has a high CVSS score of 7.5 and is fixed in versions 3.15.0 and 4.3.0.
CVE-2026-59868 is a vulnerability in js-yaml, a JavaScript YAML parser and dumper. The vulnerability allows for quadratic CPU time parsing when merge keys are enabled, potentially leading to performance issues and denial of service attacks. This issue was fixed in version 5.2.0. Affected users, especially those using versions prior to 5.2.0, should be aware of this vulnerability and take steps to mitigate [truncated]