Numeric Truncation Vulnerability in uriparser Product by uriparser
CVE-2026-42371

5.1MEDIUM

Key Information:

Vendor: Uriparser
Status: Uriparser
Vendor: CVE Published:; 27 April 2026

What is CVE-2026-42371?

The uriparser library, prior to version 1.0.1, is susceptible to a numeric truncation vulnerability during text range comparisons. This issue arises particularly when applications process URIs of significant length, measured in gigabytes. Such a vulnerability can cause unexpected behavior, leading to potential security risks in applications that rely on proper URI parsing. Careful attention is required when upgrading to the latest version to mitigate any associated risks.

Affected Version(s)

uriparser 0 < 1.0.1

References

https://github.com/uriparser/uriparser/pull/298

https://uriparser.github.io

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2026
Vulnerability Reserved
Apr 27, 2026

CVE-2026-42371 Data

JSON

Uriparser

What is CVE-2026-42371?

Affected Version(s)

References

CVSS V3.1

Timeline