{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-52746/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["JSONata (\u003c 2.2.0)"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","nodejs","vulnerability","CVE-2026-52746"],"_cs_type":"advisory","_cs_vendors":["JSONata"],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-52746, has been identified in JSONata versions prior to 2.2.0. This flaw enables attackers to initiate a denial of service (DoS) by leveraging specially crafted, non-matching inputs to the \u003ccode\u003e$toMillis\u003c/code\u003e function. These malicious inputs trigger superlinear backtracking within the ISO-8601 validation regex, resulting in significant CPU resource consumption. Applications that evaluate user-provided JSONata expressions are particularly susceptible, as exploitation can render them unresponsive or cause crashes. The issue was disclosed by Doruk Tan Öztürk and has been addressed in JSONata version 2.2.0 through fixes implemented in pull requests #782 and #793. Developers are urged to update their JSONata dependencies immediately to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eAttacker crafts malicious JSONata expression\u003c/strong\u003e: An attacker creates a JSONata expression specifically designed with non-matching inputs for the \u003ccode\u003e$toMillis\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAttacker delivers expression to vulnerable application\u003c/strong\u003e: The malicious JSONata expression is submitted to a web application or service that processes user-controlled JSONata queries.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerable application evaluates expression\u003c/strong\u003e: The application, running an affected JSONata version (\u003ccode\u003e\u0026lt; 2.2.0\u003c/code\u003e), attempts to evaluate the provided expression and validate the \u003ccode\u003e$toMillis\u003c/code\u003e input using its ISO-8601 regex.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRegex backtracking consumes excessive resources\u003c/strong\u003e: The malformed input triggers a superlinear backtracking issue within the ISO-8601 validation regex, leading to a significant increase in the application's CPU utilization.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eApplication becomes unresponsive\u003c/strong\u003e: Due to the consumed resources, the application experiences a denial of service, becoming slow, unresponsive, or crashing entirely.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-52746 results in a denial of service (DoS) condition for applications utilizing vulnerable JSONata versions. Affected organizations may experience application unresponsiveness, service outages, and potential data processing interruptions. While no specific victim counts or targeted sectors were provided, any application parsing untrusted JSONata expressions is at risk of resource exhaustion and service disruption.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade JSONata to version \u003ccode\u003e2.2.0\u003c/code\u003e or newer to patch CVE-2026-52746.\u003c/li\u003e\n\u003cli\u003eReview applications that process user-provided JSONata expressions to ensure they are using patched versions of \u003ccode\u003enpm/jsonata\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T11:29:50Z","date_published":"2026-07-03T11:29:50Z","id":"https://feed.craftedsignal.io/briefs/2026-07-jsonata-dos/","summary":"A high-severity vulnerability, CVE-2026-52746, in JSONata versions prior to 2.2.0 allows unauthenticated attackers to cause a denial of service by exploiting superlinear backtracking in the ISO-8601 validation regex through malicious inputs to the `$toMillis` function, leading to resource exhaustion and application unresponsiveness.","title":"JSONata $toMillis Function Vulnerability Leads to Denial of Service (CVE-2026-52746)","url":"https://feed.craftedsignal.io/briefs/2026-07-jsonata-dos/"}],"language":"en","title":"CraftedSignal Threat Feed - CVE-2026-52746","version":"https://jsonfeed.org/version/1.1"}