CVE 8.7 HIGH

UltraJSON: Memory Leak in ujson.dump() on Write Failure_CVE-2026-44660

May 27, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload. This vulnerability is fixed in 5.12.1.

AI Analysis

Memory leak in ujson.dump() when write operation raises an exception

Basic Information

ID CVE-2026-44660

Source GitHub_M

Published May 27, 2026 at 20:42

Affected Product

Vendor ultrajson

Product ultrajson

Version < 5.12.1

Affected Versions ultrajson ultrajson < 5.12.1

CWE Classification

CWE-401

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor ultrajson

Product UltraJSON

Version < 5.12.1

References

{
    "lastseen": "",
    "description": "UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload. This vulnerability is fixed in 5.12.1.",
    "published": "2026-05-27T20:42:59.830Z",
    "modified": "2026-05-27T20:42:59.830Z",
    "type": "cve",
    "title": "UltraJSON: Memory Leak in ujson.dump() on Write Failure",
    "source": "GitHub_M",
    "references": "https://github.com/ultrajson/ultrajson/security/advisories/GHSA-c38f-wx89-p2xg\nhttps://github.com/ultrajson/ultrajson/commit/82af1d0ac01d09aa40c887b460d44b9d9f4bccd9\nhttps://github.com/ultrajson/ultrajson/releases/tag/5.12.1",
    "id": "CVE-2026-44660",
    "bulletinFamily": "",
    "cwe": [
        "CWE-401"
    ],
    "cvelist": null,
    "sourceData": "ultrajson ultrajson < 5.12.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ultrajson",
    "version": "< 5.12.1",
    "vendor": "ultrajson",
    "ai_description": "Memory leak in ujson.dump() when write operation raises an exception",
    "ai_severity": "High",
    "ai_vendor": "ultrajson",
    "ai_product": "UltraJSON",
    "ai_version": "< 5.12.1",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply