CVE-2026-44660

CVE Database · CVE-2026-44660

CVE-2026-44660

· N/AReceived

CVSS v3.1

N/A

CVSS v4.0

8.7

EPSS

0.37%

Published

May 27, 2026

Modified

May 29, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload. This vulnerability is fixed in 5.12.1.

Weaknesses (CWE)

CWE-401

References (4)

https://github.com/ultrajson/ultrajson/commit/82af1d0ac01d09aa40c887b460d44b9d9f4bccd9

https://github.com/ultrajson/ultrajson/releases/tag/5.12.1

https://github.com/ultrajson/ultrajson/security/advisories/GHSA-c38f-wx89-p2xg

KEV Catalog EPSS Scores Vendors All CVEs