What is CVE-2026-33320?

CVE-2026-33320 is a medium-severity vulnerability in Tomwright Dasel, classified under Uncontrolled Recursion. CVSS score: 6.2/10. Published 2026-03-24.

How severe is CVE-2026-33320?

Medium severity. CVSS v3 base score is 6.2 out of 10.

Is CVE-2026-33320 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Tomwright Dasel

CVE-2026-33320

Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger…

EPSS: 0.000 (0.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Tomwright Dasel — versions >= 3.0.0, < 3.3.2

Weakness classification (CWE)

CWE-674 — Uncontrolled Recursion

Public proof-of-concept exploits

References

https://github.com/TomWright/dasel/security/advisories/GHSA-4fcp-jxh7-23x8 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-33320?: CVE-2026-33320 is a medium-severity vulnerability in Tomwright Dasel, classified under Uncontrolled Recursion. CVSS score: 6.2/10. Published 2026-03-24.
How severe is CVE-2026-33320?: Medium severity. CVSS v3 base score is 6.2 out of 10.
Is CVE-2026-33320 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.