CVE-2026-4833: Uncontrolled Recursion in Orc discount
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project maintainer confirms: "[I]f you feed it an infinitely deep blockquote input it will crash. (...) [T]his is a duplicate of an old bug that I've been working on."
AI Analysis
Technical Summary
This vulnerability affects the compile function in the markdown.c file of the Markdown Handler component in Orc discount versions 3.0.1.0 through 3.0.1.2. It allows an attacker with local access to trigger uncontrolled recursion by supplying an infinitely deep blockquote input, causing the application to crash. The vulnerability is confirmed by the project maintainer as a duplicate of an older bug. The CVSS 4.0 base score is 4.8, reflecting a medium severity with local attack vector, low complexity, and no required privileges beyond local access.
Potential Impact
The primary impact is a denial of service condition caused by application crash due to uncontrolled recursion. Exploitation requires local access and does not involve privilege escalation or remote attack vectors. There is no indication of data compromise or code execution from the provided information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. The project maintainer acknowledges the issue and is working on a fix. Until an official patch is released, avoid processing untrusted or maliciously crafted markdown inputs locally to reduce risk.
CVE-2026-4833: Uncontrolled Recursion in Orc discount
Description
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project maintainer confirms: "[I]f you feed it an infinitely deep blockquote input it will crash. (...) [T]his is a duplicate of an old bug that I've been working on."
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the compile function in the markdown.c file of the Markdown Handler component in Orc discount versions 3.0.1.0 through 3.0.1.2. It allows an attacker with local access to trigger uncontrolled recursion by supplying an infinitely deep blockquote input, causing the application to crash. The vulnerability is confirmed by the project maintainer as a duplicate of an older bug. The CVSS 4.0 base score is 4.8, reflecting a medium severity with local attack vector, low complexity, and no required privileges beyond local access.
Potential Impact
The primary impact is a denial of service condition caused by application crash due to uncontrolled recursion. Exploitation requires local access and does not involve privilege escalation or remote attack vectors. There is no indication of data compromise or code execution from the provided information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. The project maintainer acknowledges the issue and is working on a fix. Until an official patch is released, avoid processing untrusted or maliciously crafted markdown inputs locally to reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-03-25T14:19:41.105Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69c57a813c064ed76f9f9da1
Added to database: 3/26/2026, 6:27:13 PM
Last enriched: 4/3/2026, 1:07:45 PM
Last updated: 5/10/2026, 1:53:27 PM
Views: 88
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.