CVE Disclosure · Cross-Language OSS

CVE-2026-31899

CairoSVG · Python

Exponential DoS — recursive amplification

CVSS: 7.5
Severity: High
Class: Exponential DoS
Track: Cross-Language OSS

Summary

CVE-2026-31899 is a high-severity vulnerability (CVSS 7.5) affecting CairoSVG, which is written in Python. The issue is classified as Exponential DoS — recursive amplification, and is part of the Cross-Language OSS disclosure track on this site.

References

Authoritative sources and PoC material:

Disclosure

Reporter: Kai Aizen (snailsploit)
Coordination: Vendor + MITRE/NVD
Status: Disclosed · CVE assigned · entry public on NVD
Track: Cross-Language OSS

About this writeup

Detailed exploitation analysis, root-cause walkthrough, and remediation guidance for this finding live in the PoC repository. For broader methodology see services and research.

Author
Kai Aizen
Independent offensive security researcher. 23 published CVEs, 5 Linux kernel mainline patches, creator of AATMF / P.R.O.M.P.T / SEF, author of Adversarial Minds.