CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects

🗓️ 31 Mar 2026 01:48:45Reported by GoogleType

osv🔗 osv.dev👁 4 Views

CVE-2026-34043 DoS from central processing unit exhaustion during serialization of crafted array-like objects; fixed in 7.0.5.

Reporter	Title	Published	Views	Family All 70
IBM Security Bulletins	Security Bulletin: IBM Quantum Safe Remediator is affected by mutiple vulnerabilities	27 May 202615:56	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Aspera Faspex	16 Apr 202622:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service (CVE-2026-34043)	13 Apr 202610:06	–	ibm
ATTACKERKB	CVE-2026-34043	31 Mar 202601:48	–	attackerkb
Tenable Nessus	AlmaLinux 10 : .NET 8.0 (ALSA-2026:21286)	28 May 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : .NET 8.0 (ALSA-2026:21291)	28 May 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : .NET 8.0 (ALSA-2026:21293)	28 May 202600:00	–	nessus
Tenable Nessus	MiracleLinux 8 : dotnet8.0-8.0.127-1.el8_10.ML.1 (AXSA:2026-756:09)	4 Jun 202600:00	–	nessus
Tenable Nessus	Oracle Linux 8 : .NET / 8.0 (ELSA-2026-21291)	28 May 202600:00	–	nessus
Tenable Nessus	RHEL 10 : .NET 8.0 (RHSA-2026:21286)	27 May 202600:00	–	nessus

Source	Link
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34043.json
github	www.github.com/yahoo/serialize-javascript/commit/f147e90269b58bb6e539cfdf3d0e20d6ad14204b
github	www.github.com/yahoo/serialize-javascript/releases/tag/v7.0.5
github	www.github.com/yahoo/serialize-javascript/security/advisories/GHSA-qj8w-gfj5-8c6v
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-34043

28 May 2026 14:59Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.9

EPSS0.00018