High severity 7.5 · NVD Advisory · Published Jan 22, 2026 · Updated Apr 6, 2026
CVE-2026-23957
Description
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing time. This issue has been fixed in version 1.4.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| seroval (npm) | < 1.4.1 | 1.4.1 |
References
- github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060 (nvd; Patch, WEB)
- github.com/advisories/GHSA-66fc-rw6m-c2q6 (ghsa; ADVISORY)
- github.com/lxsmnsyc/seroval/security/advisories/GHSA-66fc-rw6m-c2q6 (nvd; Mitigation, Vendor Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2026-23957 (ghsa; ADVISORY)