CVE-2026-24802 — jsonrpc4j has Infinite Loop in RPC Stream Writer

Description

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in briandilley jsonrpc4j (src/main/java/com/googlecode/jsonrpc4j modules). This vulnerability is associated with program files NoCloseOutputStream.Java. This issue affects jsonrpc4j: through 1.6.0.

How to fix CVE-2026-24802

To remediate CVE-2026-24802, upgrade the affected package to a fixed version below.

Maven/com.github.briandilley.jsonrpc4j:jsonrpc4j—upgrade to 1.7.0 or later

Is CVE-2026-24802 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1.7.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:L/AU:Y/R:A/V:D/RE:M/U:Amber

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-24802
WEBgithub.com/briandilley/jsonrpc4j
WEBgithub.com/briandilley/jsonrpc4j/commit/087f5268eaf901f90d1e84062def77faa52ad8b2
WEBgithub.com/briandilley/jsonrpc4j/pull/333