A vulnerability, which was classified as problematic, was found in TomWright dasel up to 3.10.0. This affects the function
parseCurRune of the file selector/lexer/tokenize.go of the component Lexer. Executing a manipulation can lead to infinite loop.
This vulnerability is tracked as CVE-2026-46378. The attack is restricted to local execution. No exploit exists.