What is CVE-2026-31808?

CVE-2026-31808 is a medium-severity vulnerability in Sindresorhus File-type, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 5.3/10. Published 2026-03-10.

How severe is CVE-2026-31808?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Sindresorhus File-type

CVE-2026-31808

file-type detects the file type of a file, stream, or data. Prior to 21.3.1, a denial of service vulnerability exists in the ASF (WMV/WMA) file type detection parser. When parsing a crafted input where an ASF sub-header has a size field of…

EPSS: 0.000 (9.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Sindresorhus File-type — versions >= 13.0.0, < 21.3.1

Weakness classification (CWE)

CWE-835 — Loop with Unreachable Exit Condition (Infinite Loop)

References

https://github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473 (x_refsource_CONFIRM)
https://github.com/sindresorhus/file-type/commit/319abf871b50ba2fa221b4a7050059f1ae096f4f (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-31808?: CVE-2026-31808 is a medium-severity vulnerability in Sindresorhus File-type, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 5.3/10. Published 2026-03-10.
How severe is CVE-2026-31808?: Medium severity. CVSS v3 base score is 5.3 out of 10.