Denial of Service Vulnerability in Samsung Open Source Escargot JavaScript
CVE-2026-25204

6.2MEDIUM

Key Information:

Vendor: Samsung Open Source Escargot Javascript Engine
Status: Samsung Open Source
Vendor: CVE Published:; 13 April 2026

🔔 Create Samsung Open Source Escargot Javascript Engine Vulnerability Alert

What is CVE-2026-25204?

A deserialization of untrusted data vulnerability in Samsung's Open Source Escargot JavaScript enables an attacker to exploit the system, potentially leading to a denial of service condition via process interruption. This issue affects the Escargot version prior to the specified commit hash, possibly allowing malicious users to manipulate data flow and result in application instability. For details on the fix, check the official update in the GitHub repository.

Affected Version(s)

Samsung Open Source 97e8115ab1110bc502b4b5e4a0c689a71520d335

References

https://github.com/Samsung/escargot/pull/1554

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2026
Vulnerability Reserved
Jan 30, 2026

CVE-2026-25204 Data

JSON