Vulnerabilities

CVE-2026-27807 - MarkUs: YAML alias (‘billion laughs’) DoS in config upload

2026-03-06 0 views admin

CVE ID : CVE-2026-27807 Published : March 6, 2026, 2:48 a.m. | 1 hour, 1 minute ago Description : MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g., assignment settings). These YAML files are parsed with aliases enabled. This issue has been patched in version 2.9.4. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-27807

Published

March 6, 2026

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-27807

CVE-2026-27807 - MarkUs: YAML alias (‘billion laughs’) DoS in config upload

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-25962 - MarkUs: Zip bomb in config upload enables DoS

CVE-2026-28497 - TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling)

CVE-2026-29046 - TinyWeb: HTTP Header Control Character Injection into CGI Environment

CVE-2026-29093 - WWBN AVideo: Unauthenticated PHP session store exposed to host network via publi...

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting