VYPR
High severity8.3NVD Advisory· Published Mar 17, 2026· Updated May 11, 2026

CVE-2026-0708

CVE-2026-0708

Description

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the ucl_object_emit function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Vstakhov/Libucl2 versions
    cpe:2.3:a:vstakhov:libucl:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:vstakhov:libucl:*:*:*:*:*:*:*:*range: <=0.9.4
    • (no CPE)
  • Range: 3e7f023e184e06f30fb5792dacd9dd0f8b692f1b

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.