Excessive CPU Consumption in NCalc Product by Vendor
CVE-2026-55254

4.8MEDIUM

Key Information:

Vendor

Ncalc

Status
Vendor
CVE Published:
17 July 2026

What is CVE-2026-55254?

NCalc, a popular expression evaluator for .NET, suffers from a vulnerability in the factorial operator implementation. Specifically, prior to version 6.1.1, the application allows specially crafted expressions with exceptionally large factorial operands to be evaluated. This flaw can lead to excessive CPU consumption or result in a non-terminating loop during computations, primarily when handling untrusted user input. The problem has been addressed in the latest release, version 6.1.1, which mitigates the risk associated with this flaw.

Affected Version(s)

ncalc < 6.1.1

References

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.