What is CVE-2026-54297?

CVE-2026-54297 is a high-severity vulnerability in Lostisland Faraday, classified under Uncontrolled Recursion. CVSS score: 7.5/10. Published 2026-06-24.

How severe is CVE-2026-54297?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Lostisland Faraday

CVE-2026-54297

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decod…

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Lostisland Faraday — versions >= 1.0.0, < 1.10.6, >= 2.0.0.alpha.pre.1, < 2.14.3

Weakness classification (CWE)

CWE-674 — Uncontrolled Recursion

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-54297?: CVE-2026-54297 is a high-severity vulnerability in Lostisland Faraday, classified under Uncontrolled Recursion. CVSS score: 7.5/10. Published 2026-06-24.
How severe is CVE-2026-54297?: High severity. CVSS v3 base score is 7.5 out of 10.