ByteOS Network

NVD Vulnerability Details :

CVE-2026-8295

Awaiting Analysis

Source-cvd@cert.pl

Published At-14 May, 2026 | 11:16

Updated At-14 May, 2026 | 16:04

An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on platforms with limited "size_t" width (e.g., 32-bit builds). The overflow can cause insufficient buffer allocation, leading to out-of-bounds memory reads in SIMD routines and potentially resulting in information disclosure, memory corruption, or malformed JSON output. This vulnerability has been fixed in 4.6.4 release

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	6.9	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 6.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-190	Primary	cvd@cert.pl

CWE ID: CWE-190

Type: Primary

Source: cvd@cert.pl

References

Hyperlink	Source	Resource
https://cert.pl/posts/2026/05/CVE-2026-8295	cvd@cert.pl	N/A
https://github.com/simdjson/simdjson/releases/tag/v4.6.4	cvd@cert.pl	N/A

Hyperlink: https://cert.pl/posts/2026/05/CVE-2026-8295

Source: cvd@cert.pl

Resource: N/A

Hyperlink: https://github.com/simdjson/simdjson/releases/tag/v4.6.4

Source: cvd@cert.pl

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History