Lucene search
K

CVE-2026-2391 qs's arrayLimit bypass in comma parsing allows denial of service

🗓️ 12 Feb 2026 04:39:42Reported by harboristType 
cvelist
 cvelist
🔗 www.cve.org👁 36 Views

CVE-2026-2391: qs comma parsing bypasses arrayLimit, causing memory exhaustion denial of service.

Related
Affected
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: DevOps Test Performance contains a vulnerabilty related to use of the qs library
7 Apr 202615:44
ibm
IBM Security Bulletins
Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software
22 Jun 202614:27
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager
17 Mar 202603:46
ibm
IBM Security Bulletins
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Allocation of Resources Without Limits CVE-2025-15284
8 Jun 202613:54
ibm
IBM Security Bulletins
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in qs
29 Jun 202613:43
ibm
IBM Security Bulletins
Security Bulletin: A vulnerability in the qs package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.
15 May 202614:21
ibm
IBM Security Bulletins
Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities
30 Jun 202612:19
ibm
IBM Security Bulletins
Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities
30 Jun 202612:14
ibm
IBM Security Bulletins
Security Bulletin: IBM Event Processing is affected by Multiple vulnerabilities
12 Jun 202607:30
ibm
IBM Security Bulletins
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.
30 Apr 202611:40
ibm
Rows per page
[
  {
    "collectionURL": "https://npmjs.com/qs",
    "defaultStatus": "unaffected",
    "packageName": "qs",
    "repo": "https://github.com/ljharb/qs",
    "versions": [
      {
        "lessThanOrEqual": "6.14.1",
        "status": "affected",
        "version": "6.7.0",
        "versionType": "semver"
      }
    ]
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

12 Feb 2026 17:32Current
CVSS 3.13.7
CVSS 46.3
EPSS0.00478
36