CVE-2026-1990 | oatpp up to 1.3.1 Type.hpp ObjectWrapper null pointer dereference (Issue 1080)

Inserito da Angelo Barbosa | Feb 5, 2026 | CVE

A vulnerability identified as problematic has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference.

This vulnerability is uniquely identified as CVE-2026-1990. Local access is required to approach this attack. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-1990 | oatpp up to 1.3.1 Type.hpp ObjectWrapper null pointer dereference (Issue 1080)

Post correlati

CVE-2025-38347 | Linux Kernel up to 6.6.94/6.12.34/6.15.3 f2fs hung_task_timeout_secs deadlock

CVE-2024-2940 | Campcodes Online Examination System 1.0 updateCourse.php id cross site scripting

CVE-2023-41877 | GeoServer up to 2.23.4 Admin Console path traversal (GHSA-8g7v-vjrc-x4g5)

CVE-2024-28180 | go-jose up to 2.6.2/3.0.2/4.0.0 JWE data amplification (GHSA-c5q2-7r4c-mv6g)