Cyber Posture

CVE-2026-27942

High

Published: 26 February 2026

Modified: 02 March 2026
KEV Added: not listed
Patch: available (version 5.3.8)
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0006 (17.6th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-27942 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Naturalintelligence Fast-Xml-Parser. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 17.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique.
Threat & Defense Details

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-120: Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

A remote, unauthenticated stack overflow in the XML builder of a public-facing application directly enables T1190 (exploitation of the exposed application) and T1499.004 (application or system exploitation that ends in a denial-of-service crash).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

fast-xml-parser allows users to validate XML, parse XML to a JS object, or build XML from a JS object without C/C++ based libraries and without callbacks. Prior to version 5.3.8, the application crashes with a stack overflow when users use the XML builder with `preserveOrder:true`. Version 5.3.8 fixes the issue. As a workaround, use the XML builder with `preserveOrder:false` or check the input data before passing it to the builder.

Deeper analysis (AI-generated)

CVE-2026-27942 is a stack overflow vulnerability (CWE-120) in the fast-xml-parser JavaScript library, which provides XML validation, parsing to JavaScript objects, and XML building from objects without C/C++ dependencies or callbacks. The flaw affects versions prior to 5.3.8 and causes the application to crash when the XML builder is invoked with the preserveOrder option set to true.

With a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), the vulnerability is exploitable remotely over the network with low attack complexity, requiring no privileges or user interaction, and with scope unchanged. Any unauthenticated attacker can supply crafted input to the XML builder, triggering a stack overflow that results in denial of service through application termination.

The vulnerability is addressed in fast-xml-parser version 5.3.8. Workarounds include using the XML builder with preserveOrder set to false or validating input data prior to passing it to the builder. Additional details are provided in the GitHub security advisory (GHSA-fj3w-jwp8-x2g3), pull request 791, and fixing commit c13a961910f14986295dd28484eee830fa1a0e8a.
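The NVD workaround "check the input data before passing to builder" can be implemented as a guard in front of the builder. The following is an added example written for this page, not code from fast-xml-parser, its advisory, or the fixing commit. It assumes that unbounded nesting of the input object is what drives the builder's recursion (the advisory does not state the trigger), so it bounds nesting depth and node count and rejects repeated object references, walking the object with an explicit stack so the check itself cannot overflow. `measureObject`, `buildGuarded`, `makeNestedInput` and the limit values are names and numbers chosen here; `XMLBuilder` and its `build` method are the library's documented API and appear only in a comment, so the block runs without the dependency.

```javascript
// Added example (not code from fast-xml-parser or the advisory): a guard that
// bounds nesting depth and node count of an untrusted JS object before it is
// handed to an XML builder. Assumption: unbounded nesting is what a recursive
// builder cannot handle. Limits and names are chosen for this example.

const DEFAULT_LIMITS = { maxDepth: 64, maxNodes: 100000 };

// Measure an object graph iteratively (explicit stack, no recursion).
// Returns { ok, reason, depth, nodes }; `reason` is null when ok.
function measureObject(root, limits = DEFAULT_LIMITS) {
  const stack = [{ value: root, depth: 1 }];
  const seen = new Set(); // any repeated reference (cycle or shared subtree) is rejected
  let maxDepth = 0;
  let nodes = 0;
  while (stack.length > 0) {
    const { value, depth } = stack.pop();
    nodes += 1;
    if (depth > maxDepth) maxDepth = depth;
    if (nodes > limits.maxNodes) return { ok: false, reason: 'too-many-nodes', depth: maxDepth, nodes };
    if (depth > limits.maxDepth) return { ok: false, reason: 'too-deep', depth: maxDepth, nodes };
    if (value !== null && typeof value === 'object') {
      if (seen.has(value)) return { ok: false, reason: 'repeated-reference', depth: maxDepth, nodes };
      seen.add(value);
      const children = Array.isArray(value) ? value : Object.values(value);
      for (const child of children) stack.push({ value: child, depth: depth + 1 });
    }
  }
  return { ok: true, reason: null, depth: maxDepth, nodes };
}

// Apply the guard, then hand the object to a builder function. `build` is
// whatever serializer the application uses; with the real library it would be
//   const { XMLBuilder } = require('fast-xml-parser');
//   const builder = new XMLBuilder({ preserveOrder: true });
//   buildGuarded(untrusted, (o) => builder.build(o));
function buildGuarded(obj, build, limits = DEFAULT_LIMITS) {
  const m = measureObject(obj, limits);
  if (!m.ok) {
    throw new RangeError(`refusing to build XML: ${m.reason} (depth=${m.depth}, nodes=${m.nodes})`);
  }
  return build(obj);
}

// Constructed sample input in the preserveOrder:true shape (an array of
// { tagName: [children] } nodes), wrapped `levels` times.
function makeNestedInput(levels) {
  let node = [{ '#text': 'leaf' }];
  for (let i = 0; i < levels; i += 1) node = [{ level: node }];
  return node;
}

// Stand-alone demo; JSON.stringify stands in for builder.build so this runs
// without the dependency.
function demo() {
  const small = measureObject(makeNestedInput(5));
  console.log('small input:', small); // ok: true, depth 13, nodes 13
  try {
    buildGuarded(makeNestedInput(500), JSON.stringify);
  } catch (e) {
    console.log('deep input:', e.message); // refusing to build XML: too-deep (depth=65, ...)
  }
}
demo();
```

Set `maxDepth` from the deepest document the application legitimately builds, with some headroom, rather than from a guess; the guard rejects, it does not truncate, so a limit that is too low breaks valid traffic. The guard complements the other two measures the advisory names: building with `preserveOrder:false` where element order does not matter, and upgrading to 5.3.8, which is the actual fix.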

Details

CWE(s)

Affected Products

naturalintelligence fast-xml-parser: ≤ 4.5.4; 5.0.0 to 5.3.8

CVEs Like This One

CVE-2026-33036 (same product: Naturalintelligence Fast-Xml-Parser)
CVE-2026-25128 (same product: Naturalintelligence Fast-Xml-Parser)
CVE-2026-26278 (same product: Naturalintelligence Fast-Xml-Parser)
CVE-2026-25896 (same product: Naturalintelligence Fast-Xml-Parser)
CVE-2025-69807 (shared CWE-120)
CVE-2025-50672 (shared CWE-120)
CVE-2025-50653 (shared CWE-120)
CVE-2025-50644 (shared CWE-120)
CVE-2025-50666 (shared CWE-120)
CVE-2025-50669 (shared CWE-120)

References