{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/ultrajson/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["ujson (\u003c= 5.12.0)"],"_cs_severities":["medium"],"_cs_tags":["memory leak","denial of service","python","ujson","CVE-2026-44660"],"_cs_type":"advisory","_cs_vendors":["UltraJSON"],"content_html":"\u003cp\u003eA memory leak vulnerability exists in UltraJSON\u0026rsquo;s \u003ccode\u003eujson.dump()\u003c/code\u003e function (CVE-2026-44660). When \u003ccode\u003eujson.dump()\u003c/code\u003e writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not de-referenced, leaking memory. This means that each failed write operation leaks the full size of the serialized payload. This issue affects applications that use \u003ccode\u003eujson.dump()\u003c/code\u003e to serialize data to potentially unreliable file-like objects. Applications using \u003ccode\u003eujson.dumps()\u003c/code\u003e or only JSON load/decode methods are not affected. The vulnerability was patched in UltraJSON version 5.12.1. An attacker can exploit this vulnerability to cause a denial-of-service by exhausting the available memory.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an application that uses \u003ccode\u003eujson.dump()\u003c/code\u003e to serialize data to a file-like object.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious input that, when processed by the application, triggers the \u003ccode\u003eujson.dump()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe application calls \u003ccode\u003eujson_dumps_internal()\u003c/code\u003e to serialize the data, allocating a Python string object.\u003c/li\u003e\n\u003cli\u003eThe application attempts to write the serialized data to a file-like object using the file\u0026rsquo;s \u003ccode\u003ewrite()\u003c/code\u003e method.\u003c/li\u003e\n\u003cli\u003eThe attacker manipulates the file-like object to raise an exception during the \u003ccode\u003ewrite()\u003c/code\u003e operation.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ewrite()\u003c/code\u003e method fails, raising an exception that is caught by the application.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eobjToJSONFile()\u003c/code\u003e function returns early due to the exception, without calling \u003ccode\u003ePy_DECREF(string)\u003c/code\u003e to de-reference the allocated string object.\u003c/li\u003e\n\u003cli\u003eThe leaked memory accumulates with each failed write attempt, eventually exhausting the application\u0026rsquo;s memory and causing a denial-of-service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to a denial-of-service condition, where the application becomes unresponsive due to memory exhaustion. In a web server context, an attacker can repeatedly make requests and close the connection mid-response to trigger the memory leak. This can quickly consume all available memory, causing the server to crash or become unavailable to legitimate users. This vulnerability can impact any application that uses \u003ccode\u003eujson.dump()\u003c/code\u003e and handles attacker-influenced file-like objects.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to UltraJSON version 5.12.1 or later to remediate the memory leak (see Remediation).\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003eujson.dump(obj, file)\u003c/code\u003e with \u003ccode\u003efile.write(ujson.dumps(obj))\u003c/code\u003e as a workaround to avoid the memory leak (see Workarounds).\u003c/li\u003e\n\u003cli\u003eEnable process memory monitoring to detect processes with unusual memory growth patterns, which may indicate exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect UltraJSON ujson.dump Memory Leak\u003c/code\u003e to identify potential exploitation attempts by monitoring for write operations to file-like objects.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T22:28:04Z","date_published":"2026-05-12T22:28:04Z","id":"https://feed.craftedsignal.io/briefs/2026-05-ultrajson-memory-leak/","summary":"A memory leak vulnerability exists in UltraJSON's `ujson.dump()` function; when writing to a file-like object, if the write operation raises an exception, the serialized JSON string object is not properly de-referenced, leading to a memory leak (CVE-2026-44660).","title":"UltraJSON Memory Leak in ujson.dump() on Write Failure (CVE-2026-44660)","url":"https://feed.craftedsignal.io/briefs/2026-05-ultrajson-memory-leak/"}],"language":"en","title":"CraftedSignal Threat Feed — UltraJSON","version":"https://jsonfeed.org/version/1.1"}