Resource exhaustion in Hedgedoc

CVE-2026-58486

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, HedgeDoc was vulnerable to a YAML alias bomb due to unsafe processing of the note frontmatter. HedgeDoc parsed frontmatter with js-y…

Vulnerability class: DoS (Denial of Service)

Affected products

Weakness classification (CWE)

References