CVE-2026-59870
js-yaml (JavaScript YAML parser) is affected from 5.0.0 up to before 5.2.1. The YAML11_SCHEMA !!omap handling in src/tag/sequence/omap.ts uses omapTag.addItem() to perform a linear duplicate-key scan on each insertion, causing O(n^2) CPU usage when yaml.load() parses crafted ordered-map documents...