Excessive CPU Consumption in NCalc Product by Vendor
CVE-2026-55254
4.8MEDIUM
What is CVE-2026-55254?
NCalc, a popular expression evaluator for .NET, suffers from a vulnerability in the factorial operator implementation. Specifically, prior to version 6.1.1, the application allows specially crafted expressions with exceptionally large factorial operands to be evaluated. This flaw can lead to excessive CPU consumption or result in a non-terminating loop during computations, primarily when handling untrusted user input. The problem has been addressed in the latest release, version 6.1.1, which mitigates the risk associated with this flaw.
Affected Version(s)
ncalc < 6.1.1
