CVE-2026-8295

UNKNOWN 0.0

Integer overflow in simdjson

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on platforms with limited "size_t" width (e.g., 32-bit builds). The overflow can cause insufficient buffer allocation, leading to out-of-bounds memory reads in SIMD routines and potentially resulting in information disclosure, memory corruption, or malformed JSON output. This vulnerability has been fixed in 4.6.4 release

CWE	CWE-190
Vendor	simdjson
Product	simdjson
Published	May 14, 2026

Stay Ahead of the Next One

Get instant alerts for simdjson simdjson

Be the first to know when new unknown vulnerabilities affecting simdjson simdjson are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

simdjson / simdjson

0 < 4.6.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/simdjson/simdjson/releases/tag/v4.6.4 cert.pl: https://cert.pl/posts/2026/05/CVE-2026-8295

Credits

Michał Majchrowicz (AFINE) Marcin Wyczechowski (AFINE)