CVE-2025-50537

medium Red Hat
CVSS v3 Base Score
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 96% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
None
Integrity
None
Availability
High
Published: January 26, 2026 (109 days ago)
Last Modified: January 26, 2026
Vendor: Red Hat

Description

Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. During validation, the internal function checkDuplicateTestCase() is called, which in turn uses the isSerializable() function for serialization checks. When a circular reference object is passed in, isSerializable() enters infinite recursion, ultimately causing a stack overflow.

CWE

CWE-502

Affected Products

Cryostat 4Logging Subsystem for Red Hat OpenShiftMulticluster Engine for KubernetesOpenShift PipelinesRed Hat Advanced Cluster Management for Kubernetes 2Red Hat AMQ Broker 7Red Hat build of Apicurio Registry 2Red Hat build of OptaPlanner 8Red Hat Data Grid 8Red Hat Directory Server 11

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 gist.github.com 🔗 github.com