IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser.
History

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Ibm qiskit Software Development Kit
CPEs cpe:2.3:a:ibm:qiskit_software_development_kit:*:*:*:*:*:*:*:*
Vendors & Products Ibm qiskit Software Development Kit

Mon, 15 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 13 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Ibm qiskit
Vendors & Products Ibm qiskit

Fri, 12 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-674

Fri, 12 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser.
Title Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.
First Time appeared Ibm
Ibm qiskit Sdk
CPEs cpe:2.3:a:ibm:qiskit_sdk:0.43.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qiskit_sdk:2.5.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm qiskit Sdk
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-06-12T20:52:58.528Z

Updated: 2026-06-15T13:37:47.830Z

Reserved: 2026-03-25T21:23:18.986Z

Link: CVE-2026-4870

cve-icon Vulnrichment

Updated: 2026-06-15T13:36:51.449Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-12T21:16:23.963

Modified: 2026-06-16T19:20:29.593

Link: CVE-2026-4870

cve-icon Redhat

No data.