CWE-835— Loop with Unreachable Exit Condition (Infinite Loop)
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.— MITRE CWE catalog
730 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-835page 15 of 15
- CVE-2026-5407MEDIUMCVSS 5.5EG 5.52026-04-30
SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
- CVE-2026-54417HIGHCVSS 7.5EG 7.52026-06-17
An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes th…
- CVE-2026-54530MEDIUMCVSS 5.5EG 5.52026-06-16
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixe…
- CVE-2026-54531MEDIUMCVSS 5.5EG 5.52026-06-16
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability…
- CVE-2026-54651MEDIUMCVSS 5.5EG 5.52026-06-22
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulne…
- CVE-2026-54772HIGHCVSS 7.5EG 7.52026-06-19
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endp…
- CVE-2026-54886MEDIUMCVSS 4.3EG 4.32026-07-02
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handle_data/4 function in ssh_sftpd contai…
- CVE-2026-54904HIGHCVSS 7.5EG 7.52026-06-19
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReference#update can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicRef…
- CVE-2026-55199HIGHCVSS 7.5EG 5.92026-06-17
libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by send…
- CVE-2026-55595MEDIUMCVSS 4.7EG 4.72026-07-01
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This …
- CVE-2026-55865HIGHCVSS 7.1EG 7.12026-06-19
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malformed {% case %} tag without an associated {% when %} or {% else %} block and no terminating {% endcase %} tag, Python Liquid hangs in an infini…
- CVE-2026-56289MEDIUMCVSS 4.6EG 4.62026-07-09
GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the…
- CVE-2026-59874HIGHCVSS 7.5EG 7.52026-07-08
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly pars…
- CVE-2026-59877HIGHCVSS 7.5EG 7.52026-07-08
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted …
- CVE-2026-59879HIGHCVSS 7.5EG 7.52026-07-08
Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List#set, List#setSize, List#setIn, List#updateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 ** 30 to 2 …
- CVE-2026-59935HIGHCVSS 7.5EG 7.52026-07-08
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an infinite loop d…
- CVE-2026-6519MEDIUMCVSS 5.5EG 5.52026-04-30
MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
- CVE-2026-6520MEDIUMCVSS 5.5EG 5.52026-04-30
OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
- CVE-2026-6521MEDIUMCVSS 5.5EG 5.52026-04-30
OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
- CVE-2026-6522MEDIUMCVSS 5.5EG 5.52026-04-30
RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
- CVE-2026-6523MEDIUMCVSS 5.5EG 5.52026-04-30
GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
- CVE-2026-6528MEDIUMCVSS 5.5EG 5.52026-04-30
TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service
- CVE-2026-6531MEDIUMCVSS 5.5EG 5.52026-04-30
SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
- CVE-2026-6534MEDIUMCVSS 5.5EG 5.52026-04-30
USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
- CVE-2026-6536MEDIUMCVSS 5.5EG 5.52026-04-30
DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4
- CVE-2026-6684MEDIUMCVSS 4.6EG 4.62026-07-01
FatFs prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contains an issue where an unbounded loop count derived from GPT header field GPTH_PtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835…
- CVE-2026-6985MEDIUMCVSS 5.3EG 5.32026-04-25
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite …
- CVE-2026-7263HIGHCVSS 7.5EG 7.52026-05-10
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent process…
- CVE-2026-7375MEDIUMCVSS 5.5EG 5.52026-04-30
UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
- CVE-2026-8318MEDIUMCVSS 5.3EG 5.32026-05-11
A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toc_transformer of the file pageindex/page_index.py of the component PDF Table of Con…
Map vulnerabilities like CWE-835 to your infrastructure
EchelonGraph correlates every CVE — across CWE-835 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →