What is CVE-2026-30922?

CVE-2026-30922 is a high-severity vulnerability in Pyasn1, classified under Uncontrolled Recursion. CVSS score: 7.5/10. Published 2026-03-18.

How severe is CVE-2026-30922?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Pyasn1

CVE-2026-30922

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can s…

EPSS: 0.000 (8.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Pyasn1 — versions < 0.6.3

Weakness classification (CWE)

CWE-674 — Uncontrolled Recursion

References

https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r (x_refsource_CONFIRM, Exploit, Vendor Advisory)
https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0 (Patch, x_refsource_MISC)
af854a3a-2127-422b-91ae-364da2661108
af854a3a-2127-422b-91ae-364da2661108

Frequently asked questions

What is CVE-2026-30922?: CVE-2026-30922 is a high-severity vulnerability in Pyasn1, classified under Uncontrolled Recursion. CVSS score: 7.5/10. Published 2026-03-18.
How severe is CVE-2026-30922?: High severity. CVSS v3 base score is 7.5 out of 10.