CVE-2026-31899 - Vulnerability Analysis
HighCVSS: 7.5Last Updated: March 13, 2026
Kozea CairoSVG - Denial of Service
Overview
Kozea CairoSVG contains an exponential denial of service caused by recursive <use> element amplification in cairosvg/defs.py, letting attackers exhaust CPU resources remotely, exploit requires crafted SVG input.
Severity & Score
Impact
Attackers can exhaust CPU resources causing denial of service with a small crafted SVG input.
Mitigation
Update to the latest version of CairoSVG.
References
Social Media Activity(2 posts)
š CVE-2026-31899 - High (7.5) CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input. š https://www.thehackerwire.com/vulnerability/CVE-2026-31899/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-31899 - High (7.5) CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input. š https://www.thehackerwire.com/vulnerability/CVE-2026-31899/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postGitHub Repositories(1 repo)
Related Resources
Details
- CVE ID
- CVE-2026-31899
- Severity
- High
- CVSS Score
- 7.5
- Type
- denial_of_service
- Status
- new
- EPSS
- 4.0%
- Social Posts
- 2
CWE
- CWE-674
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H