Description
Deserialization of Untrusted Data vulnerability in DTStack chunjun (‎chunjun-core/src/main/java/com/dtstack/chunjun/util modules). This vulnerability is associated with program files GsonUtil.Java.

This issue affects chunjun: before 1.16.1.
Published: 2026-03-24
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service and Stack Overflow
Action: Patch Now
AI Analysis

Impact

DTStack chunjun’s core utility deserializes incoming data without verifying its integrity, leading to a stack overflow when malicious input is processed. This flaw results in a denial‑of‑service condition for affected applications.

Affected Systems

The vulnerability applies to all installations of DTStack chunjun that use the chunjun-core component and are running versions earlier than 1.16.1. Any deployment that incorporates these components is at risk.

Risk and Exploitability

The CVSS base score of 8.7 indicates high severity. EPSS data is unavailable and the vulnerability is not cataloged in the CISA KEV list. The attack most likely requires an attacker to supply crafted input to the deserialization routine, which can cause application crashes or extended downtime.

Generated by OpenCVE AI on March 24, 2026 at 05:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to DTStack chunjun version 1.16.1 or later.

Generated by OpenCVE AI on March 24, 2026 at 05:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Dtstack
Dtstack chunjun
Vendors & Products Dtstack
Dtstack chunjun

Tue, 24 Mar 2026 03:30:00 +0000

Type Values Removed Values Added
Description Deserialization of Untrusted Data vulnerability in DTStack chunjun (‎chunjun-core/src/main/java/com/dtstack/chunjun/util modules). This vulnerability is associated with program files GsonUtil.Java. This issue affects chunjun: before 1.16.1.
Title A stack overflow and DoS vulnerability in DTStack/chunjun
Weaknesses CWE-502
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:P/S:N/AU:Y/R:U/V:C/RE:M/U:Amber'}

Subscriptions

Dtstack Chunjun
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-03-24T14:36:43.076Z

Reserved: 2026-03-24T03:07:43.669Z

Link: CVE-2026-4735

cve-icon Vulnrichment

Updated: 2026-03-24T14:36:39.466Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-24T04:17:26.117

Modified: 2026-03-24T15:53:48.067

Link: CVE-2026-4735

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:40:22Z

Weaknesses