Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
5.3

OWASP DefectDojo may crash due to malicious zip file input

CVE-2026-3816
Summary

A security issue in OWASP DefectDojo could allow a hacker to crash the system by sending a malicious zip file. This could happen if a user or the system accidentally processes a bad zip file. To fix the problem, update OWASP DefectDojo to the latest version.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versionsFix available
owasp defectdojo <= 2.56.0 –
Original title
A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefender...
Original description
A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended.
nvd CVSS2.0 4.0
nvd CVSS3.1 4.3
nvd CVSS4.0 5.3
Vulnerability type
CWE-404
CWE-1284
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026