Product
A vulnerability, CVE-2026-59869, in the `js-yaml` library allows attackers to craft malicious YAML merge-key chains, which can lead to quadratic CPU consumption and a Denial of Service condition in applications processing the input.