cvedb.io
CVE-2026-24006
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-01-22T03:15:47.933 · Last modified 2026-06-17T10:22:28.090

Summary

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a `depthLimit` parameter in serialization/deserialization methods. An error will be thrown if the depth limit is reached.

Affected products

lxsmnsyc — seroval

Does this affect you?

Add your gear to cvedb and we'll alert you only when lxsmnsyc ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.