CVE-2026-33320 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-33320 PUBLISHED CVSS 6.199999809265137 MEDIUM

Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service

EPSS 0.01% · 2.1th percentile

Risk Scores

CVSS v3.1

6.199999809265137

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.01%

2.1th percentile

Affected Products

Vendor	Product	Versions
TomWright	dasel	>= 3.0.0, < 3.3.2, >= 3.0.0, < 3.3.2, >= 3.0.0, < 3.3.2
github.com	tomwright/dasel/v3	3.0.0, 3.0.0, 3.0.0
tomwright	dasel	3.0.0, 3.0.0, 3.0.0

Timeline

Mar 19, 2026 CVE Published
Mar 20, 2026 Security Advisory
Mar 24, 2026 EPSS Score
Mar 25, 2026 CVE Updated
Mar 25, 2026 EPSS Score

References

Open in Interactive Console →