Intel

AIKIDO-2026-456232

jsonschema-rs is vulnerable to Uncontrolled Recursion

Uncontrolled Recursion Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Yesterday

59

Medium Risk

This Affects:

PYTHONjsonschema-rs
0.24.0 - 0.46.9
Fixed in 0.46.10
Are you affected? Scan for Free

TL;DR

The unevaluatedProperties and unevaluatedItems keywords are compiled into a recursive validator structure that eagerly follows $ref and $dynamicRef references to collect evaluated locations. When a schema contains a self-referential $dynamicRef combined with unevaluatedProperties or unevaluatedItems, the dynamic reference is followed back into itself with no cycle guard and recurses until the call stack is exhausted. A crafted schema therefore aborts the whole process with a stack overflow while the validator is being built instead of returning a result. The fix caches pending validators and adds a marking stack with cycle detection that break the recursive $dynamicRef cycle.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application compiles or validates JSON schemas that can be influenced by untrusted input.

Background info

jsonschema-rs is vulnerable to Uncontrolled Recursion in versions 0.24.0 - 0.46.9.

How to fix this

Upgrade the jsonschema-rs library to the patch version.