CVE-2026-33320

CVE-2026-33320 affects the Dasel project: versions 3.0.0 through prior to 3.3.1 expose an unbounded CPU/memory denial of service via YAML processing. The flaw lies in Dasel’s UnmarshalYAML implementation, which manually resolves yaml.Node.Alias pointers without any expansion budget, bypassing go-...