QwikSec

Security Database

CVE

CWE

Training

CVE-2026-44660

Published: May 27, 2026

Modified: May 30, 2026

PUBLISHED

Description

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload. This vulnerability is fixed in 5.12.1.

Vendor	Product	Versions
ultrajson	ultrajson	affected `< 5.12.1`

Weaknesses (CWE)

References

https://github.com/ultrajson/ultrajson/security/advisories/GHSA-c38f-wx89-p2xg

x_refsource_CONFIRM

https://github.com/ultrajson/ultrajson/commit/82af1d0ac01d09aa40c887b460d44b9d9f4bccd9

x_refsource_MISC

https://github.com/ultrajson/ultrajson/releases/tag/5.12.1

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.