High severity7.5NVD Advisory· Published Mar 26, 2026· Updated Apr 21, 2026
CVE-2026-32285
CVE-2026-32285
Description
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/buger/jsonparserGo | < 1.1.2 | 1.1.2 |
Affected products
202- osv-coords201 versionspkg:apk/chainguard/cgpkg:apk/chainguard/chainloop-clipkg:apk/chainguard/chainloop-cli-fipspkg:apk/chainguard/chainloop-control-planepkg:apk/chainguard/chainloop-control-plane-fipspkg:apk/chainguard/commercial-grafana-11.6pkg:apk/chainguard/commercial-grafana-12.1pkg:apk/chainguard/commercial-grafana-12.2pkg:apk/chainguard/commercial-grafana-12.3pkg:apk/chainguard/commercial-grafana-12.4pkg:apk/chainguard/crictlpkg:apk/chainguard/cri-toolspkg:apk/chainguard/daggerpkg:apk/chainguard/datadog-agent-7.71pkg:apk/chainguard/datadog-agent-7.72pkg:apk/chainguard/datadog-agent-7.73pkg:apk/chainguard/datadog-agent-7.74pkg:apk/chainguard/datadog-agent-7.76pkg:apk/chainguard/datadog-agent-fips-7.71pkg:apk/chainguard/datadog-agent-fips-7.72pkg:apk/chainguard/datadog-agent-fips-7.73pkg:apk/chainguard/datadog-agent-fips-7.74pkg:apk/chainguard/datadog-agent-fips-7.76pkg:apk/chainguard/deckpkg:apk/chainguard/deck-fipspkg:apk/chainguard/dgraphpkg:apk/chainguard/eksctlpkg:apk/chainguard/elastic-agent-8.19pkg:apk/chainguard/elastic-agent-fips-8.19pkg:apk/chainguard/elastic-otel-collector-9.3pkg:apk/chainguard/elastic-otel-collector-fips-9.3pkg:apk/chainguard/gitlab-runner-18.7pkg:apk/chainguard/gitlab-runner-18.8pkg:apk/chainguard/gitlab-runner-18.9pkg:apk/chainguard/gitlab-runner-fips-18.8pkg:apk/chainguard/gitlab-runner-fips-18.9pkg:apk/chainguard/gitlab-runner-helper-18.7pkg:apk/chainguard/gitlab-runner-helper-18.8pkg:apk/chainguard/gitlab-runner-helper-18.9pkg:apk/chainguard/gitlab-runner-helper-fips-18.8pkg:apk/chainguard/gitlab-runner-helper-fips-18.9pkg:apk/chainguard/google-cloud-otel-ops-collectorpkg:apk/chainguard/goreleaserpkg:apk/chainguard/grafana-11.6pkg:apk/chainguard/grafana-12.1pkg:apk/chainguard/grafana-12.2pkg:apk/chainguard/grafana-12.3pkg:apk/chainguard/grafana-12.4pkg:apk/chainguard/grafana-alloypkg:apk/chainguard/grafana-alloy-fipspkg:apk/chainguard/grafana-beylapkg:apk/chainguard/grafana-fips-11.6pkg:apk/chainguard/grafana-fips-12.1pkg:apk/chainguard/grafana-fips-12.2pkg:apk/chainguard/grafana-fips-12.3pkg:apk/chainguard/grafana-fips-12.4pkg:apk/chainguard/influxd-2.7pkg:apk/chainguard/jfrog-clipkg:apk/chainguard/k3spkg:apk/chainguard/k3s-1.31pkg:apk/chainguard/k3s-1.32pkg:apk/chainguard/k3s-1.33pkg:apk/chainguard/k3s-staticpkg:apk/chainguard/k3s-static-1.31pkg:apk/chainguard/k3s-static-1.32pkg:apk/chainguard/k3s-static-1.33pkg:apk/chainguard/k8sgptpkg:apk/chainguard/kubevela-vela-clipkg:apk/chainguard/kubevela-vela-cli-fipspkg:apk/chainguard/kubevela-vela-corepkg:apk/chainguard/kubevela-vela-core-fipspkg:apk/chainguard/lazygitpkg:apk/chainguard/loki-2.9pkg:apk/chainguard/loki-2.9-logclipkg:apk/chainguard/loki-2.9-loki-canarypkg:apk/chainguard/loki-2.9-promtailpkg:apk/chainguard/loki-3.4pkg:apk/chainguard/loki-3.4-logclipkg:apk/chainguard/loki-3.5pkg:apk/chainguard/loki-3.5-logclipkg:apk/chainguard/loki-3.6pkg:apk/chainguard/loki-3.6-logclipkg:apk/chainguard/loki-fips-2.9pkg:apk/chainguard/loki-fips-2.9-logclipkg:apk/chainguard/loki-fips-2.9-loki-canarypkg:apk/chainguard/loki-fips-2.9-promtailpkg:apk/chainguard/loki-fips-3.4pkg:apk/chainguard/loki-fips-3.4-logclipkg:apk/chainguard/loki-fips-3.5pkg:apk/chainguard/loki-fips-3.5-logclipkg:apk/chainguard/loki-fips-3.6pkg:apk/chainguard/loki-fips-3.6-logclipkg:apk/chainguard/malcontentpkg:apk/chainguard/marupkg:apk/chainguard/mcp-grafanapkg:apk/chainguard/mcp-grafana-fipspkg:apk/chainguard/miniopkg:apk/chainguard/minio-fipspkg:apk/chainguard/modspkg:apk/chainguard/nfpmpkg:apk/chainguard/nucleipkg:apk/chainguard/ollamapkg:apk/chainguard/ollama-fipspkg:apk/chainguard/opentelemetry-collectorpkg:apk/chainguard/opentelemetry-collector-contribpkg:apk/chainguard/opentelemetry-collector-contrib-fipspkg:apk/chainguard/opentelemetry-collector-fipspkg:apk/chainguard/prometheus-3.10pkg:apk/chainguard/prometheus-fips-3.10pkg:apk/chainguard/rclonepkg:apk/chainguard/rclone-fipspkg:apk/chainguard/rpk-25.1.12pkg:apk/chainguard/rpk-25.2.14pkg:apk/chainguard/rpk-25.3.10pkg:apk/chainguard/teleport-18pkg:apk/chainguard/teleport-18.6pkg:apk/chainguard/tempo-2.10pkg:apk/chainguard/tempo-2.10-clipkg:apk/chainguard/tempo-2.10-vulturepkg:apk/chainguard/tempo-2.9pkg:apk/chainguard/tempo-2.9-clipkg:apk/chainguard/tempo-fips-2.10pkg:apk/chainguard/tempo-fips-2.10-clipkg:apk/chainguard/tempo-fips-2.10-vulturepkg:apk/chainguard/tempo-fips-2.9pkg:apk/chainguard/tempo-fips-2.9-clipkg:apk/chainguard/terraform-mcp-serverpkg:apk/chainguard/terragruntpkg:apk/chainguard/terragrunt-fipspkg:apk/chainguard/vclusterpkg:apk/chainguard/vcluster-clipkg:apk/chainguard/vcluster-syncerpkg:apk/chainguard/weaviatepkg:apk/chainguard/witnesspkg:apk/wolfi/crictlpkg:apk/wolfi/cri-toolspkg:apk/wolfi/daggerpkg:apk/wolfi/datadog-agent-7.72pkg:apk/wolfi/datadog-agent-7.73pkg:apk/wolfi/datadog-agent-7.74pkg:apk/wolfi/datadog-agent-7.76pkg:apk/wolfi/dgraphpkg:apk/wolfi/eksctlpkg:apk/wolfi/gitlab-runner-18.7pkg:apk/wolfi/gitlab-runner-18.8pkg:apk/wolfi/gitlab-runner-18.9pkg:apk/wolfi/gitlab-runner-helper-18.7pkg:apk/wolfi/gitlab-runner-helper-18.8pkg:apk/wolfi/gitlab-runner-helper-18.9pkg:apk/wolfi/goreleaserpkg:apk/wolfi/grafana-11.6pkg:apk/wolfi/grafana-12.1pkg:apk/wolfi/grafana-12.2pkg:apk/wolfi/grafana-12.3pkg:apk/wolfi/grafana-12.4pkg:apk/wolfi/grafana-alloypkg:apk/wolfi/influxd-2.7pkg:apk/wolfi/k3spkg:apk/wolfi/k3s-1.32pkg:apk/wolfi/k3s-1.33pkg:apk/wolfi/k3s-staticpkg:apk/wolfi/k3s-static-1.32pkg:apk/wolfi/k3s-static-1.33pkg:apk/wolfi/k8sgptpkg:apk/wolfi/kubevela-vela-clipkg:apk/wolfi/kubevela-vela-corepkg:apk/wolfi/lazygitpkg:apk/wolfi/loki-3.4pkg:apk/wolfi/loki-3.4-logclipkg:apk/wolfi/loki-3.5pkg:apk/wolfi/loki-3.5-logclipkg:apk/wolfi/loki-3.6pkg:apk/wolfi/loki-3.6-logclipkg:apk/wolfi/malcontentpkg:apk/wolfi/marupkg:apk/wolfi/mcp-grafanapkg:apk/wolfi/miniopkg:apk/wolfi/modspkg:apk/wolfi/nfpmpkg:apk/wolfi/nucleipkg:apk/wolfi/ollamapkg:apk/wolfi/opentelemetry-collectorpkg:apk/wolfi/opentelemetry-collector-contribpkg:apk/wolfi/prometheus-3.10pkg:apk/wolfi/rclonepkg:apk/wolfi/rpk-25.3.10pkg:apk/wolfi/teleport-18pkg:apk/wolfi/teleport-18.6pkg:apk/wolfi/tempo-2.10pkg:apk/wolfi/tempo-2.10-clipkg:apk/wolfi/tempo-2.10-vulturepkg:apk/wolfi/terraform-mcp-serverpkg:apk/wolfi/terragruntpkg:apk/wolfi/vclusterpkg:apk/wolfi/vcluster-clipkg:apk/wolfi/vcluster-syncerpkg:apk/wolfi/weaviatepkg:apk/wolfi/witnesspkg:golang/github.com/buger/jsonparserpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/mcphost&distro=openSUSE%20Tumbleweed
< 0.2.225-r0+ 200 more
- (no CPE)range: < 0.2.225-r0
- (no CPE)range: < 1.83.0-r1
- (no CPE)range: < 1.83.0-r1
- (no CPE)range: < 1.83.0-r1
- (no CPE)range: < 1.83.0-r1
- (no CPE)range: < 11.6.14-r0
- (no CPE)range: < 12.1.10-r0
- (no CPE)range: < 12.2.8-r0
- (no CPE)range: < 12.3.6-r0
- (no CPE)range: < 12.4.2-r0
- (no CPE)range: < 1.35.0-r7
- (no CPE)range: < 1.35.0-r7
- (no CPE)range: < 0.20.2-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 7.74.1-r11
- (no CPE)range: < 7.76.3-r3
- (no CPE)range: < 0
- (no CPE)range: < 7.72.4-r8
- (no CPE)range: < 7.73.3-r7
- (no CPE)range: < 0
- (no CPE)range: < 7.76.3-r3
- (no CPE)range: < 1.56.0-r2
- (no CPE)range: < 1.56.0-r3
- (no CPE)range: < 25.3.0-r3
- (no CPE)range: < 0.224.0-r7
- (no CPE)range: < 8.19.14-r1
- (no CPE)range: < 8.19.14-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 18.7.2-r10
- (no CPE)range: < 18.8.0-r5
- (no CPE)range: < 18.9.0-r4
- (no CPE)range: < 18.8.0-r6
- (no CPE)range: < 18.9.0-r4
- (no CPE)range: < 18.7.2-r10
- (no CPE)range: < 18.8.0-r5
- (no CPE)range: < 18.9.0-r4
- (no CPE)range: < 18.8.0-r6
- (no CPE)range: < 18.9.0-r4
- (no CPE)range: < 0
- (no CPE)range: < 2.14.3-r3
- (no CPE)range: < 11.6.13-r2
- (no CPE)range: < 12.1.9-r2
- (no CPE)range: < 12.2.7-r2
- (no CPE)range: < 12.3.5-r2
- (no CPE)range: < 12.4.1-r2
- (no CPE)range: < 1.14.1-r2
- (no CPE)range: < 1.14.1-r2
- (no CPE)range: < 3.6.0-r1
- (no CPE)range: < 11.6.13-r4
- (no CPE)range: < 12.1.9-r4
- (no CPE)range: < 12.2.7-r2
- (no CPE)range: < 12.3.5-r3
- (no CPE)range: < 12.4.2-r0
- (no CPE)range: < 2.7.12-r15
- (no CPE)range: < 2.96.0-r2
- (no CPE)range: < 1.35.2.1-r2
- (no CPE)range: < 1.31.6.1-r15
- (no CPE)range: < 1.32.13.1-r6
- (no CPE)range: < 1.33.9.1-r4
- (no CPE)range: < 1.35.2.1-r2
- (no CPE)range: < 1.31.6.1-r15
- (no CPE)range: < 1.32.13.1-r6
- (no CPE)range: < 1.33.9.1-r4
- (no CPE)range: < 0.4.30-r4
- (no CPE)range: < 1.10.7-r5
- (no CPE)range: < 1.10.7-r6
- (no CPE)range: < 1.10.7-r5
- (no CPE)range: < 1.10.7-r6
- (no CPE)range: < 0.60.0-r4
- (no CPE)range: < 2.9.17-r5
- (no CPE)range: < 2.9.17-r5
- (no CPE)range: < 2.9.17-r5
- (no CPE)range: < 2.9.17-r5
- (no CPE)range: < 3.4.6-r10
- (no CPE)range: < 3.4.6-r10
- (no CPE)range: < 3.5.12-r1
- (no CPE)range: < 3.5.12-r1
- (no CPE)range: < 3.6.7-r4
- (no CPE)range: < 3.6.7-r4
- (no CPE)range: < 2.9.17-r6
- (no CPE)range: < 2.9.17-r6
- (no CPE)range: < 2.9.17-r6
- (no CPE)range: < 2.9.17-r6
- (no CPE)range: < 3.4.6-r9
- (no CPE)range: < 3.4.6-r9
- (no CPE)range: < 3.5.12-r2
- (no CPE)range: < 3.5.12-r2
- (no CPE)range: < 3.6.7-r4
- (no CPE)range: < 3.6.7-r4
- (no CPE)range: < 1.21.3-r1
- (no CPE)range: < 0.6.0-r11
- (no CPE)range: < 0.11.3-r5
- (no CPE)range: < 0.11.3-r2
- (no CPE)range: < 0.20251015.172955-r10
- (no CPE)range: < 0.20251015.172955-r11
- (no CPE)range: < 0
- (no CPE)range: < 2.45.2-r3
- (no CPE)range: < 3.7.1-r3
- (no CPE)range: < 0.18.2-r1
- (no CPE)range: < 0.18.2-r1
- (no CPE)range: < 0.148.0-r1
- (no CPE)range: < 0.148.0-r3
- (no CPE)range: < 0.148.0-r2
- (no CPE)range: < 0
- (no CPE)range: < 3.10.0-r3
- (no CPE)range: < 3.10.0-r2
- (no CPE)range: < 1.73.2-r2
- (no CPE)range: < 1.73.3-r0
- (no CPE)range: < 25.1.12-r8
- (no CPE)range: < 25.2.14-r4
- (no CPE)range: < 25.3.10-r3
- (no CPE)range: < 18.7.2-r4
- (no CPE)range: < 18.6.8-r7
- (no CPE)range: < 2.10.3-r6
- (no CPE)range: < 2.10.3-r6
- (no CPE)range: < 2.10.3-r6
- (no CPE)range: < 2.9.1-r3
- (no CPE)range: < 2.9.1-r3
- (no CPE)range: < 2.10.3-r2
- (no CPE)range: < 2.10.3-r2
- (no CPE)range: < 2.10.3-r2
- (no CPE)range: < 2.9.1-r3
- (no CPE)range: < 2.9.1-r3
- (no CPE)range: < 0.4.0-r3
- (no CPE)range: < 0.99.5-r1
- (no CPE)range: < 0.99.4-r6
- (no CPE)range: < 0.32.1-r7
- (no CPE)range: < 0.32.1-r7
- (no CPE)range: < 0.32.1-r7
- (no CPE)range: < 1.36.6-r1
- (no CPE)range: < 0.10.2-r15
- (no CPE)range: < 1.35.0-r7
- (no CPE)range: < 1.35.0-r7
- (no CPE)range: < 0.20.2-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 7.74.1-r11
- (no CPE)range: < 7.76.3-r3
- (no CPE)range: < 25.3.0-r3
- (no CPE)range: < 0.224.0-r7
- (no CPE)range: < 18.7.2-r10
- (no CPE)range: < 18.8.0-r5
- (no CPE)range: < 18.9.0-r4
- (no CPE)range: < 18.7.2-r10
- (no CPE)range: < 18.8.0-r5
- (no CPE)range: < 18.9.0-r4
- (no CPE)range: < 2.14.3-r3
- (no CPE)range: < 11.6.13-r2
- (no CPE)range: < 12.1.9-r2
- (no CPE)range: < 12.2.7-r2
- (no CPE)range: < 12.3.5-r2
- (no CPE)range: < 12.4.1-r2
- (no CPE)range: < 1.14.1-r2
- (no CPE)range: < 2.7.12-r15
- (no CPE)range: < 1.35.2.1-r2
- (no CPE)range: < 1.32.13.1-r6
- (no CPE)range: < 1.33.9.1-r4
- (no CPE)range: < 1.35.2.1-r2
- (no CPE)range: < 1.32.13.1-r6
- (no CPE)range: < 1.33.9.1-r4
- (no CPE)range: < 0.4.30-r4
- (no CPE)range: < 1.10.7-r5
- (no CPE)range: < 1.10.7-r5
- (no CPE)range: < 0.60.0-r4
- (no CPE)range: < 3.4.6-r10
- (no CPE)range: < 3.4.6-r10
- (no CPE)range: < 3.5.12-r1
- (no CPE)range: < 3.5.12-r1
- (no CPE)range: < 3.6.7-r4
- (no CPE)range: < 3.6.7-r4
- (no CPE)range: < 1.21.3-r1
- (no CPE)range: < 0.6.0-r11
- (no CPE)range: < 0.11.3-r5
- (no CPE)range: < 0.20251015.172955-r10
- (no CPE)range: < 0
- (no CPE)range: < 2.45.2-r3
- (no CPE)range: < 3.7.1-r3
- (no CPE)range: < 0.18.2-r1
- (no CPE)range: < 0.148.0-r1
- (no CPE)range: < 0.148.0-r3
- (no CPE)range: < 3.10.0-r3
- (no CPE)range: < 1.73.2-r2
- (no CPE)range: < 25.3.10-r3
- (no CPE)range: < 18.7.2-r4
- (no CPE)range: < 18.6.8-r7
- (no CPE)range: < 2.10.3-r6
- (no CPE)range: < 2.10.3-r6
- (no CPE)range: < 2.10.3-r6
- (no CPE)range: < 0.4.0-r3
- (no CPE)range: < 0.99.5-r1
- (no CPE)range: < 0.32.1-r7
- (no CPE)range: < 0.32.1-r7
- (no CPE)range: < 0.32.1-r7
- (no CPE)range: < 1.36.6-r1
- (no CPE)range: < 0.10.2-r15
- (no CPE)range: < 1.1.2
- (no CPE)range: < 0.0.20260326T203309-150000.1.155.2
- (no CPE)range: < 0.34.0-1.1
Patches
Vulnerability mechanics
References
9- securityinfinity.com/research/buger-jsonparser-negative-slice-panic-dos-2026nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-6g7g-w4f8-9c9xghsaADVISORY
- github.com/buger/jsonparser/issues/275nvdIssue TrackingThird Party AdvisoryWEB
- github.com/golang/vulndb/issues/4514nvdIssue TrackingThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-32285ghsaADVISORY
- pkg.go.dev/vuln/GO-2026-4514nvdThird Party AdvisoryWEB
- github.com/buger/jsonparser/commit/a69e7e01cd4ad67bdfd3ac2c080b9212af16f4b0ghsaWEB
- github.com/buger/jsonparser/pull/276ghsaWEB
- github.com/buger/jsonparser/releases/tag/v1.1.2ghsaWEB
News mentions
0No linked articles in our index yet.