Vulnerability Database

322,573

Total vulnerabilities in the database

CVE-2026-23957

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing time. This issue has been fixed in version 1.4.1.

Published: Jan 22, 2026
Updated: Jan 23, 2026
CVE: CVE-2026-23957
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-770

Affected Software
References

No affected software listed.

https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060
https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-66fc-rw6m-c2q6

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo