Back to overview

CVE-2026-55254

MEDIUM
4.8
CVSS 3.1
Description
NCalc is a fast, lightweight expression evaluator for .NET. Prior to 6.1.1, the factorial operator implementation in src/NCalc.Core/Helpers/MathHelper.cs permits specially crafted expressions with extremely large factorial operands, causing excessive CPU consumption or a non-terminating loop due to integer overflow in the factorial calculation logic when applications evaluate untrusted expressions. This issue is fixed in version 6.1.1.

Metadata

CVE ID
CVE-2026-55254
State
PUBLISHED
Assigner
GitHub_M
Reserved
2026-06-16 16:44 UTC
Published
2026-07-17 19:55 UTC
Last updated
2026-07-17 19:55 UTC
Primary CWE
CWE-770
CWE-770: Allocation of Resources Without Limits or Throttlin…
Vendor / Product
ncalc / ncalc
Sources
cve.org  ·  NVD

Severity & Metrics

4.8 MEDIUM CVSS 3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected products (1)
VendorProductPlatformVersions
ncalc ncalc < 6.1.1
Weakness (CWE)
CWESourceDescription
CWE-190 cna CWE-190: Integer Overflow or Wraparound
CWE-770 cna CWE-770: Allocation of Resources Without Limits or Throttling
CVSS scores (1)
ScoreSeverityVersionSourceVector
4.8 MEDIUM 3.1 cna CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
References (4)
Back to overview