CVE-2025-50537

Published: Jan 26, 2026

Modified: Jan 26, 2026

PUBLISHED

Description

Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. During validation, the internal function checkDuplicateTestCase() is called, which in turn uses the isSerializable() function for serialization checks. When a circular reference object is passed in, isSerializable() enters infinite recursion, ultimately causing a stack overflow.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/eslint/eslint/issues/19646

https://gist.github.com/lyyffee/2ee1815e5c2da82c05e9838b9bfefbbc

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-50537

Description

Affected Products

References