Denial of Service Vulnerability in Eclipse Parsson JSON Parser
CVE-2026-9563
7.5HIGH
What is CVE-2026-9563?
Eclipse Parsson's JSON parser prior to version 1.1.8 is vulnerable due to the absence of a default maximum character limit when processing JSON documents. This flaw allows attackers to craft large JSON inputs that can lead to significant CPU and memory consumption, potentially resulting in a denial of service condition for the affected applications. Version 1.1.8 introduces a new feature to set a configurable maximum parsing limit, helping to mitigate this risk.
Affected Version(s)
Eclipse Parsson 1.0.0 <= 1.1.7
