CVE-2026-9358 | postcss up to 7.1.1 AST Serialization container.js toString recursion

A vulnerability was found in postcss up to 7.1.1 and classified as problematic. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion.

This vulnerability is registered as CVE-2026-9358. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor explains, that according to his definition “DoS on server-side on user-generated CSS is low risk for us (since most users compile own CSS with PostCSS).”VulDB Recent EntriesRead More