Buffer overflow in Ruby JSON
CVE-2026-54696
Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to a heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dump(obj, io) and JSON::S…
Vulnerability class: Buffer Overflow
CVSS v3 metric
CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L.
Affected products
- Ruby JSON — versions >= 2.9.0, < 2.19.9
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2026-54696?
  CVE-2026-54696 is a low-severity vulnerability in Ruby JSON, classified under Heap-based Buffer Overflow. CVSS score: 3.7/10. Published 2026-06-30.
- How severe is CVE-2026-54696?
  Low severity. CVSS v3 base score is 3.7 out of 10.