universal-ctags V Language v.c parseExprList recursion_CVE-2026-2641

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-2641

Source VulDB

Published Feb 18, 2026 at 05:32

Affected Product

Vendor universal-ctags

Product ctags

Version 6.2.0

Affected Versions universal-ctags ctags 6.2.0
universal-ctags ctags 6.2.1

CWE Classification

CWE-674 CWE-404

References

{
    "lastseen": "",
    "description": "A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-02-18T05:32:07.920Z",
    "modified": "2026-02-18T05:32:07.920Z",
    "type": "cve",
    "title": "universal-ctags V Language v.c parseExprList recursion",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.346397\nhttps://vuldb.com/?ctiid.346397\nhttps://vuldb.com/?submit.752768\nhttps://github.com/universal-ctags/ctags/issues/4369\nhttps://github.com/oneafter/0116/blob/main/poc.v\nhttps://github.com/universal-ctags/ctags/",
    "id": "CVE-2026-2641",
    "bulletinFamily": "",
    "cwe": [
        "CWE-674",
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "universal-ctags ctags 6.2.0\nuniversal-ctags ctags 6.2.1",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ctags",
    "version": "6.2.0",
    "vendor": "universal-ctags",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}