CVE-2026-25204 | THREATINT

Description

Deserialization of untrusted data vulnerability in Samsung Open Source Escargot Java Script allows denial of service condition via process abort. This issue affects escarogt prior to commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335

PUBLISHED Reserved 2026-01-30 | Published 2026-04-13 | Updated 2026-04-14 | Assigner samsung.tv_appliance

MEDIUM: 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-502 Deserialization of untrusted data

CWE-843 Access of resource using incompatible type ('type confusion')

Product status

Default status

unaffected

97e8115ab1110bc502b4b5e4a0c689a71520d335

affected

Credits

LeeJaeWook finder

References

github.com/Samsung/escargot/pull/1554

cve.org (CVE-2026-25204)

nvd.nist.gov (CVE-2026-25204)

Download JSON