CVE-2026-45205

UNKNOWN 0.0

Apache Commons Configuration: StackOverflowError for YAML input with cycles

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0, which fixes the issue.

CWE	CWE-674
Vendor	apache software foundation
Product	apache commons configuration
Published	May 14, 2026

Stay Ahead of the Next One

Get instant alerts for apache software foundation apache commons configuration

Be the first to know when new unknown vulnerabilities affecting apache software foundation apache commons configuration are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache Commons Configuration

2.2 < 2.15.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/apache/commons-configuration/pull/634 lists.apache.org: https://lists.apache.org/thread/q3q3j10ohcqhs6o0rg1v7kz6kk27vtkk

Credits

🔍 Erichen, Institute of Computing Technology, Chinese Academy of Sciences