CVSS 7.5 HIGH Vulnerability

CVE-2026-52746: jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion

CVSS Score: 7.5
Severity: HIGH
CISA KEV: NO
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-52746
Vendor: npm
Affected Product: jsonata
Vulnerability Type: Vulnerability
CVSS Score: 7.5 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Impact

In JSONata ` = 2.2.0 via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation.

References

https://github.com/jsonata-js/jsonata/releases/tag/v2.2.0

Credit

Thank you to Doruk Tan Öztürk for disclosing this issue.

🎯 Known Indicators of Compromise

{"type":"url","value":"https://github.com/jsonata-js/jsonata/pull/782","confidence_score":0.82,"first_seen":"2026-07-02","source_count":1}
{"type":"url","value":"https://github.com/jsonata-js/jsonata/pull/793.","confidence_score":0.82,"first_seen":"2026-07-02","source_count":1}
{"type":"url","value":"https://github.com/jsonata-js/jsonata/releases/tag/v2.2.0","confidence_score":0.82,"first_seen":"2026-07-02","source_count":1}
