CWE-674— Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.— MITRE CWE catalog
414 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-674page 9 of 9
- CVE-2026-55594MEDIUMCVSS 5.3EG 5.32026-07-01
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provi…
- CVE-2026-56148MEDIUMCVSS 6.5EG 6.52026-07-01
Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request…
- CVE-2026-57081HIGHCVSS 7.5EG 7.52026-06-30
Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining b…
- CVE-2026-59927MEDIUMCVSS 5.3EG 5.32026-07-08
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include …
- CVE-2026-6479HIGHCVSS 7.5EG 7.52026-05-14
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via acces…
- CVE-2026-6527MEDIUMCVSS 5.5EG 5.52026-04-30
ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
- CVE-2026-6811MEDIUMCVSS 5.9EG 5.92026-05-14
Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server.
- CVE-2026-6862MEDIUMCVSS 5.5EG 5.52026-04-22
A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) devi…
- CVE-2026-6936MEDIUMCVSS 6.5EG 6.52026-05-27
IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially …
- CVE-2026-7164HIGHCVSS 7.5EG 7.52026-04-30
Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any …
- CVE-2026-7453MEDIUMCVSS 5.5EG 5.32026-05-26
A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition.
- CVE-2026-8936HIGHCVSS 8.2EG 8.22026-06-02
Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker De…
- CVE-2026-9358MEDIUMCVSS 4.3EG 4.32026-05-24
A vulnerability was determined in postcss-selector-parser up to 6.1.2/7.1.2. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled rec…
- CVE-2026-9740HIGHCVSS 7.5EG 7.52026-06-09
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits unc…
Map vulnerabilities like CWE-674 to your infrastructure
EchelonGraph correlates every CVE — across CWE-674 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →