cbcvebase.
CVE-2026-50193
published 2026-06-23

CVE-2026-50193: jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a potential…

PriorityP347high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.62%
45.0th percentile
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a potential Denial-of-Service exists when attacker sends deeply nested JSON if (and only if) the service reads deeply nested (1000s of levels) JSON as JsonNode (ObjectMapper.readTree()) and writes out same (or modifided) node using JsonNode.toString(). This can consume significant amount of resources with concurrent relatively small requests (1000 nested arrays is 2kB). This vulnerability is fixed in 2.14.0.

Affected

65 ranges· showing 25
VendorProductVersion rangeFixed in
ansible-automation-platform-27de-minimal-rhel9
ansible-automation-platform-27de-supported-rhel9
candlepinprojectcandlepin
debiandogtag-pki
debianpuppetserver
devspacesmulticluster-redirector-rhel9
devspacesopenvsx-rhel9
devspacespluginregistry-rhel9
devspacesserver-rhel9
eap74-els-openjdk11-openshift-rhel8eap74-els-openjdk11-openshift-rhel8
eap74-els-openjdk17-openshift-rhel8eap74-els-openjdk17-openshift-rhel8
eap74-els-openjdk8-openshift-rhel8eap74-els-openjdk8-openshift-rhel8
fasterxmljackson-databind
fasterxmljackson-databind
fasterxmljackson-databind>= 2.10.0 < 2.14.02.14.0
jboss-eap-7eap74-els-openjdk17-openshift-rhel8
jboss-eap-7eap74-els-openjdk8-openshift-rhel8
jenkinsjenkins
ocp-tools-4jenkins-rhel8
ocp-tools-4jenkins-rhel9
offline-knowledge-portalrhokp-rhel9
openshift-serverless-1kn-ekb-dispatcher-rhel9
openshift-serverless-1kn-ekb-receiver-rhel9
openshift-serverless-1kn-eventing-integrations-aws-ddb-streams-source-rhel9
openshift-serverless-1kn-eventing-integrations-aws-s3-sink-rhel9

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv4.06.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.