CVE-2026-32285

HIGH 7.5

Denial of service in github.com/buger/jsonparser

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

4th

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.

Vendor	github.com/buger/jsonparser
Product	github.com/buger/jsonparser
Published	Mar 26, 2026
Last Updated	Mar 30, 2026

Stay Ahead of the Next One

Get instant alerts for github.com/buger/jsonparser github.com/buger/jsonparser

Be the first to know when new high vulnerabilities affecting github.com/buger/jsonparser github.com/buger/jsonparser are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

github.com/buger/jsonparser / github.com/buger/jsonparser

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/buger/jsonparser/issues/275 github.com: https://github.com/golang/vulndb/issues/4514 pkg.go.dev: https://pkg.go.dev/vuln/GO-2026-4514 securityinfinity.com: https://securityinfinity.com/research/buger-jsonparser-negative-slice-panic-dos-2026