Denial of Service Vulnerability in connorskees Grass UTF-8 Character Handler
CVE-2026-14650
Key Information:
- Vendor: Connorskees
- Status
- Vendor
- CVE Published: 4 July 2026
What is CVE-2026-14650?
A vulnerability exists in connorskees Grass versions up to 0.13.4, in the function grass_compiler::raw_to_parse_error of the UTF-8 Character Handler component. Manipulating the input to this function can lead to a Denial of Service (DoS) condition. The attack is limited to local execution, but it is noteworthy that similar vulnerabilities in Sass compilers are typically trivial to exploit because of recursive functions, infinite loops, and nested mixins. The maintainer clarified in Issue #117 that compile time is not expected to be linear relative to input, making this a substantial concern for those using the affected versions.
Affected Version(s)
grass 0.13.0
grass 0.13.1
grass 0.13.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- 💡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
