Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-9563
PUBLISHED
More InfoOfficial Page
Assigner-eclipse
Assigner Org ID-e51fbebd-6053-4e49-959f-1b94eeb69a2c
View Known Exploited Vulnerability (KEV) details
Published At-02 Jul, 2026 | 07:33
Updated At-02 Jul, 2026 | 12:27
Rejected At-
▼CVE Numbering Authority (CNA)

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memory by processing very large documents, including large arrays, objects, strings, numbers, whitespace, or nested structures, resulting in a denial of service. Eclipse Parsson 1.1.8 introduces a configurable maximum parsing limit with a default limit of 15 million parser-consumed characters.

Affected Products
Vendor
Eclipse Foundation AISBLEclipse Foundation
Product
Eclipse Parsson
Default Status
unaffected
Versions
Affected
  • From 1.0.0 through 1.1.7 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
CWECWE-770CWE-770 Allocation of Resources Without Limits or Throttling
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-770
Description: CWE-770 Allocation of Resources Without Limits or Throttling
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

reporter
Mark Swatosh
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/eclipse-ee4j/parsson/commit/134e8d101aa74c8b9302d0cb62f6ccb4912a9d0c
N/A
https://github.com/eclipse-ee4j/parsson/pull/169
N/A
https://repo.maven.apache.org/maven2/org/eclipse/parsson/parsson/1.1.8/
N/A
https://github.com/eclipse-ee4j/parsson/tree/1.1.8
N/A
https://gitlab.eclipse.org/security/vulnerability-reports/-/work_items/444
N/A
Hyperlink: https://github.com/eclipse-ee4j/parsson/commit/134e8d101aa74c8b9302d0cb62f6ccb4912a9d0c
Resource: N/A
Hyperlink: https://github.com/eclipse-ee4j/parsson/pull/169
Resource: N/A
Hyperlink: https://repo.maven.apache.org/maven2/org/eclipse/parsson/parsson/1.1.8/
Resource: N/A
Hyperlink: https://github.com/eclipse-ee4j/parsson/tree/1.1.8
Resource: N/A
Hyperlink: https://gitlab.eclipse.org/security/vulnerability-reports/-/work_items/444
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://gitlab.eclipse.org/security/vulnerability-reports/-/work_items/444
exploit
Hyperlink: https://gitlab.eclipse.org/security/vulnerability-reports/-/work_items/444
Resource:
exploit
Details not found