CVSS 7.5 HIGH Vulnerability

CVE-2026-49451: Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing


CVSS Score: 7.5
Severity: HIGH
CISA KEV: NO
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-49451
Vendor: nuget
Affected Product: Microsoft.OpenAPI
Vulnerability Type: Vulnerability
CVSS Score: 7.5 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Impact: A small OpenAPI document containing a circular schema reference can cause process termination through stack overflow in Microsoft.OpenApi. The issue affects OpenAPI document parsing through public OpenAPI.NET reader APIs and has been confirmed across both JSON and YAML reader paths.

Affected versions - >= 2.0.0-preview11, = 3.0.0, workflow. That workflow parses OpenAPI files in-process using Microsoft.OpenApi and Microsoft.OpenApi.YamlReader.

Example payload:

```json
{
  "openapi": "3.0.0",
  "info": { "title": "Test", "version": "0.0.1" },
  "paths": {},
  "components": {
    "schemas": {
      "A": { "$ref": "#/components/schemas/B" },
      "B": { "$ref": "#/components/schemas/A" }
    }
  }
}
```
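As an added example (not code from the advisory or from the Microsoft.OpenApi project), the following pre-parse screen flags schemas whose direct `$ref` chain loops back on itself, which is the shape of the payload above. It assumes JSON input and local `#/components/schemas/` pointers only; the function names are hypothetical, and it walks the chain iteratively so the check itself cannot exhaust the stack.

```python
import json

PREFIX = "#/components/schemas/"

# Constructed sample: the payload shape shown on this page.
SAMPLE = """{"openapi": "3.0.0", "info": {"title": "Test", "version": "0.0.1"},
 "paths": {}, "components": {"schemas": {
   "A": {"$ref": "#/components/schemas/B"},
   "B": {"$ref": "#/components/schemas/A"}}}}"""


def _alias_target(schema):
    """Return the schema name a direct local $ref points to, else None."""
    if not isinstance(schema, dict):
        return None
    ref = schema.get("$ref")
    if isinstance(ref, str) and ref.startswith(PREFIX):
        # JSON Pointer unescaping: ~1 -> "/", then ~0 -> "~"
        return ref[len(PREFIX):].replace("~1", "/").replace("~0", "~")
    return None


def find_ref_alias_cycles(document_text):
    """Return sorted names of schemas whose direct $ref chain never terminates."""
    doc = json.loads(document_text)
    components = doc.get("components")
    schemas = components.get("schemas") if isinstance(components, dict) else None
    if not isinstance(schemas, dict):
        return []
    looping = set()
    for start in schemas:
        seen, name = set(), start
        # Iterative walk: no recursion, so deep or looping chains are safe here.
        while name in schemas and name not in seen:
            seen.add(name)
            name = _alias_target(schemas[name])
        # Revisiting a name means the chain loops; None or a dangling name ends it.
        if name is not None and name in seen:
            looping.add(start)
    return sorted(looping)


if __name__ == "__main__":
    print(find_ref_alias_cycles(SAMPLE))
```

Ordinary recursive models, such as a tree node whose `children` items reference the node itself, are not flagged because their top-level schema is not a bare `$ref`. A screen like this complements the upgrade for pipelines that parse untrusted documents in-process; it does not cover the YAML reader path.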

Remediation: Users should upgrade to Microsoft.OpenApi 2.7.5 or 3.5.4, depending on the major

🎯 Known Indicators of Compromise

{"type":"domain","value":"openapi.net","confidence_score":0.75,"first_seen":"2026-06-30","source_count":1}
