Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
Universal-ctags Allows Uncontrolled Recursion on Local Host
CVE-2026-2641
Summary
A flaw in the universal-ctags ctags tool allows an attacker to cause the tool to enter an infinite loop on the local system. This could potentially be exploited by a malicious actor. Users should update to a fixed version as soon as possible.
Original title
A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. E...
Original description
A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
1.7
nvd CVSS3.1
3.3
nvd CVSS4.0
4.8
Vulnerability type
CWE-404
CWE-674
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026