CVE-2026-45205
published 2026-05-14CVE-2026-45205: Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNINAL
Uncontrolled Recursion vulnerability in Apache Commons.
When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles.
This issue affects Apache Commons: from 2.2 before 2.15.0.
Users are recommended to upgrade to version 2.15.0, which fixes the issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | commons_configuration | >= 2.2 < 2.15.0 | 2.15.0 |
| apache_software_foundation | apache_commons_configuration | >= 2.2 < 2.15.0 | 2.15.0 |