Vendor
A high-severity vulnerability, CVE-2026-52746, in JSONata versions prior to 2.2.0 allows unauthenticated attackers to cause a denial of service by exploiting superlinear backtracking in the ISO-8601 validation regex through malicious inputs to the `$toMillis` function, leading to resource exhaustion and application unresponsiveness.