CVE-2026-25204 PUBLISHED

Assigner: samsung.tv_appliance
Reserved: 30.01.2026 Published: 13.04.2026 Updated: 13.04.2026

A deserialization of untrusted data vulnerability in the Samsung Open Source Escargot JavaScript engine allows a denial-of-service condition via process abort.

This issue affects Escargot prior to commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 6.2

Product Status

Vendor Samsung Open Source
Product Escargot
Versions Default: unaffected
  • Version 97e8115ab1110bc502b4b5e4a0c689a71520d335 is affected

Problem Types

  • CWE-502 Deserialization of untrusted data
  • CWE-843 Access of resource using incompatible type ('type confusion')

Impacts

  • CAPEC-586 Object Injection