CVE-2026-2641

Vulnerability

CVE-2026-2641

A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References

launchpad.net/ubuntu-cve-tracker: https://github.com/oneafter/0116/blob/main/poc.v
launchpad.net/ubuntu-cve-tracker: https://github.com/universal-ctags/ctags/
launchpad.net/ubuntu-cve-tracker: https://github.com/universal-ctags/ctags/issues/4369
launchpad.net/ubuntu-cve-tracker: https://vuldb.com/?ctiid.346397
launchpad.net/ubuntu-cve-tracker: https://vuldb.com/?id.346397
launchpad.net/ubuntu-cve-tracker: https://vuldb.com/?submit.752768
launchpad.net/ubuntu-cve-tracker: https://www.cve.org/CVERecord?id=CVE-2026-2641

severitym

medium

type: vendor

source: launchpad.net/ubuntu-cve-tracker

published: 2026-02-19 00:00:00

Detection

No detection criteria available for this vulnerability.

Data Sources

Ubuntu CVE Tracker
ubuntu-cve-tracker
- raw: ghcr.io/vulsio/vuls-data-db:vuls-data-raw-ubuntu-cve-tracker
- extracted: ghcr.io/vulsio/vuls-data-db:vuls-data-extracted-ubuntu-cve-tracker

FutureVuls|GitHub