Skip to content
Threat Feed

Tag

Nestjs

2 briefs RSS
high advisory

NestJS Uncontrolled Recursion Denial-of-Service Vulnerability (CVE-2026-40879)

NestJS versions before 11.1.19 are susceptible to an uncontrolled recursion vulnerability (CVE-2026-40879) where sending many small JSON messages in a single TCP frame triggers a call stack overflow, resulting in a denial-of-service condition.

denial-of-service nestjs recursion cve-2026-40879 linux
2r 1t 1c
high advisory

NestJS Microservices Denial-of-Service via Recursive handleData

A denial-of-service vulnerability exists in NestJS's @nestjs/microservices package, affecting versions 11.1.18 and earlier, where an attacker can send multiple small, valid JSON messages within a single TCP frame, causing a stack overflow.

nestjs denial-of-service microservices
2r 1t