CVE-2026-4177
Toddr · Yaml\
Vulnerability data via NVD (ingested)
YAML::Syck versions through 1.36 for Perl have several potential security vulnerabilities, including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the end of the buffer on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor: the incoming anchor string 'a' was leaked on early return.
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
vuln:CVE-2026-4177
product:"Toddr Yaml\" version:"\"
http.html:"Yaml\"
vulnerabilities.cve_id: CVE-2026-4177
"CVE-2026-4177" exploit -site:nvd.nist.gov