OSV-2026-535

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/htmlunit/OSV-2026-535.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2026-535

Published

2026-04-05T00:10:08.687399Z

Modified

2026-04-05T00:10:08.687736Z

Summary

Security exception in org.htmlunit.cyberneko.HTMLTagBalancer.endElement

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=499447433

Crash type: Security exception
Crash state:
org.htmlunit.cyberneko.HTMLTagBalancer.endElement
java.base/sun.nio.cs.CESU_8.updatePositions
java.base/sun.nio.cs.CESU_8$Encoder.encodeArrayLoop

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=499447433

Affected packages

OSS-Fuzz / htmlunit

Package

Name: htmlunit
Purl: pkg:generic/htmlunit

Affected ranges

Type: GIT
Repo: https://github.com/HtmlUnit/htmlunit.git
Events: Introduced

0747862ca9e647fcdb16b35c9f775eaa577f9aee

Fixed

7ae58fa2368d0ab209e6af06e0ebbc9ab6e9c7f4

Affected versions

4.*

4.19.0

4.20.0

4.21.0

Ecosystem specific

{
    "severity": "LOW"
}

Database specific

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/htmlunit/OSV-2026-535.yaml"

introduced_range

"69f12908fca8b940fa6cd114b0266b909fca0c1a:b750ca63a80698eddef3fc3457911bc21a825b58"