Vulnerability Details CVE-2026-0708
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV) in the `ucl_object_emit` function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 30.4%
CVSS Severity
CVSS v3 Score 8.3
Products affected by CVE-2026-0708
- cpe:2.3:a:vstakhov:libucl:-
- cpe:2.3:a:vstakhov:libucl:0.2.0
- cpe:2.3:a:vstakhov:libucl:0.2.1
- cpe:2.3:a:vstakhov:libucl:0.2.2
- cpe:2.3:a:vstakhov:libucl:0.2.3
- cpe:2.3:a:vstakhov:libucl:0.2.6
- cpe:2.3:a:vstakhov:libucl:0.3.1
- cpe:2.3:a:vstakhov:libucl:0.4.0
- cpe:2.3:a:vstakhov:libucl:0.5.1
- cpe:2.3:a:vstakhov:libucl:0.5.2
- cpe:2.3:a:vstakhov:libucl:0.6.1
- cpe:2.3:a:vstakhov:libucl:0.7.1
- cpe:2.3:a:vstakhov:libucl:0.7.2
- cpe:2.3:a:vstakhov:libucl:0.7.3
- cpe:2.3:a:vstakhov:libucl:0.8.0
- cpe:2.3:a:vstakhov:libucl:0.8.1
- cpe:2.3:a:vstakhov:libucl:0.8.2
- cpe:2.3:a:vstakhov:libucl:0.9.0
- cpe:2.3:a:vstakhov:libucl:0.9.1
- cpe:2.3:a:vstakhov:libucl:0.9.2
- cpe:2.3:a:vstakhov:libucl:0.9.3
- cpe:2.3:a:vstakhov:libucl:0.9.4