CVE-2026-45205: Apache Commons Configuration: StackOverflowError for YAML input with cycles

Vendor: Apache Software Foundation
Product: Apache Commons Configuration
Weakness: CWE-674
Published: May 14, 2026
Last update: May 14, 2026

What the vulnerability does

Description

Uncontrolled Recursion vulnerability in Apache Commons Configuration. When processing an untrusted configuration file, Commons Configuration throws a StackOverflowError for YAML input that contains cycles. This issue affects Apache Commons Configuration: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0, which fixes the issue.
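For deployments that cannot upgrade immediately, the added example below (not code from Apache Commons Configuration or from this advisory) rejects a cyclic object graph before it is processed further. It assumes the YAML has already been loaded into plain Map/List objects by a parser; the class name YamlCycleGuard and the MAX_DEPTH value are hypothetical.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class YamlCycleGuard { // hypothetical helper, not a Commons Configuration class
    static final int MAX_DEPTH = 100; // assumed limit; also bounds this checker's own recursion

    /** True if no node is its own ancestor and the walk never went deeper than MAX_DEPTH. */
    public static boolean isSafe(Object root) {
        // Identity-based sets: calling hashCode()/equals() on a cyclic Map would itself recurse.
        Set<Object> onPath = Collections.newSetFromMap(new IdentityHashMap<>());
        Set<Object> done = Collections.newSetFromMap(new IdentityHashMap<>());
        return walk(root, onPath, done, 0);
    }

    private static boolean walk(Object node, Set<Object> onPath, Set<Object> done, int depth) {
        if (!(node instanceof Map) && !(node instanceof Iterable)) return true; // scalar value
        if (depth > MAX_DEPTH) return false;   // too deep: refuse rather than keep recursing
        if (done.contains(node)) return true;  // shared (aliased) subtree already checked
        if (!onPath.add(node)) return false;   // node is already on the current path: cycle
        // Only map values are followed; complex map keys are not inspected here.
        Iterable<?> children = node instanceof Map ? ((Map<?, ?>) node).values() : (Iterable<?>) node;
        for (Object child : children) {
            if (!walk(child, onPath, done, depth + 1)) return false;
        }
        onPath.remove(node);
        done.add(node);
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample: the graph a YAML alias pointing back at an enclosing anchor yields.
        Map<String, Object> cyclic = new LinkedHashMap<>();
        List<Object> children = new ArrayList<>();
        children.add(cyclic);
        cyclic.put("children", children);

        // Constructed sample: ordinary nested configuration without cycles.
        Map<String, Object> plain = new LinkedHashMap<>();
        plain.put("db", Map.of("host", "localhost", "port", 5432));

        System.out.println("cyclic input accepted: " + isSafe(cyclic));
        System.out.println("plain input accepted:  " + isSafe(plain));
    }
}
```

A guard like this is a stopgap for callers; the fix named in the advisory is the upgrade to 2.15.0.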

Key dates

Disclosure timeline

May 14, 2026: CVE published
May 14, 2026: Record updated