Denial of Service Vulnerability in Eclipse Parsson JSON Parser
CVE-2026-9563

7.5HIGH

Key Information:

Vendor
CVE Published:
2 July 2026

What is CVE-2026-9563?

Eclipse Parsson's JSON parser prior to version 1.1.8 is vulnerable due to the absence of a default maximum character limit when processing JSON documents. This flaw allows attackers to craft large JSON inputs that can lead to significant CPU and memory consumption, potentially resulting in a denial of service condition for the affected applications. Version 1.1.8 introduces a new feature to set a configurable maximum parsing limit, helping to mitigate this risk.

Affected Version(s)

Eclipse Parsson 1.0.0 <= 1.1.7

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mark Swatosh
.