VYPR
High severity7.5GHSA Advisory· Published May 27, 2026· Updated Jun 2, 2026

CVE-2026-44660

CVE-2026-44660

Description

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload. This vulnerability is fixed in 5.12.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ujsonPyPI
< 5.12.15.12.1

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.