CVE Alert

CVE-2026-14651

LOW 3.3

connorskees grass visitor denial of service

CVSS Score: 3.3
EPSS Score: 0.0%
EPSS Percentile: 0th

A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the function grass_compiler::selector::extend/grass_compiler::evaluate::visitor. The manipulation leads to denial of service. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The project maintainer explains: "DoS vulnerabilities are generally fine in Sass compilers -- they are trivially possible with recursive functions, infinite loops, nested mixins, etc. The description here is wrong. Compile time is not expected to be linear relative to the input, and the @extend algorithm is definitionally exponential."

CWE: CWE-404
Vendor: connorskees
Product: grass
Published: Jul 4, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low

Affected Versions

connorskees / grass
0.13.0 0.13.1 0.13.2 0.13.3 0.13.4

References

vuldb.com: https://vuldb.com/vuln/376164
vuldb.com: https://vuldb.com/vuln/376164/cti
vuldb.com: https://vuldb.com/cve/CVE-2026-14651
vuldb.com: https://vuldb.com/submit/846667
github.com: https://github.com/connorskees/grass/issues/117
github.com: https://github.com/connorskees/grass/

Credits

Zyz3366 (VulDB User)
VulDB CNA Team