Intel

AIKIDO-2026-249071

jsonschema is vulnerable to Uncontrolled Recursion

Uncontrolled Recursion Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Yesterday

59

Medium Risk

This Affects:

RUSTjsonschema
0.24.0 - 0.46.9
Fixed in 0.46.10
Are you affected? Scan for Free

TL;DR

The unevaluatedProperties and unevaluatedItems keywords are compiled into a recursive validator structure that eagerly follows $ref and $dynamicRef references to collect evaluated locations. When a schema contains a self-referential $dynamicRef combined with unevaluatedProperties or unevaluatedItems, the dynamic reference is followed back into itself with no cycle guard and recurses until the call stack is exhausted. A crafted schema therefore aborts the whole process with a stack overflow while the validator is being built instead of returning a result. The fix caches pending validators and adds a marking stack with cycle detection that break the recursive $dynamicRef cycle.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application compiles or validates JSON schemas that can be influenced by untrusted input.

Background info

jsonschema is vulnerable to Uncontrolled Recursion in versions 0.24.0 - 0.46.9.

How to fix this

Upgrade the jsonschema library to the patch version.