CVE-2026-24816
Infinite Loop Vulnerability in datavane tis ChangeDomainAction Module
Publication date: 2026-01-27
Last updated on: 2026-01-27
Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| datavane | tis | to 4.3.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-835 | The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Infinite Loop issue caused by a loop with an unreachable exit condition in the datavane tis software, specifically in the ChangeDomainAction.Java file. It affects versions before v4.3.0 and can cause the program to hang or become unresponsive due to the infinite loop.
How can this vulnerability impact me? :
The infinite loop vulnerability can cause the affected application to become unresponsive or hang, potentially leading to denial of service conditions. This can disrupt normal operations and availability of the software.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade the datavane tis software to version 4.3.0 or later, where the issue has been addressed. Additionally, review and apply security patches related to cookie handling as indicated in the pull request #444 in the datavane/tis repository, which improves protection against common web attacks and mitigates exploitation risks. [1]