CRITICAL🇵🇱 Wersja polska

CVE-2026-24816

CVSS 10.0v4.0pub. 2026-01-27upd. 2026-04-15

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in datavane tis (tis-console/src/main/java/com/qlangtech/tis/runtime/module/action modules). This vulnerability is associated with program files ChangeDomainAction.Java. This issue affects tis: before v4.3.0.

🤖 AI Analysis
How it works

The CWE-835 class error ('Loop with Unreachable Exit Condition') occurs in the ChangeDomainAction.java file, located in the tis-console module (path: src/main/java/com/qlangtech/tis/runtime/module/action). The loop in the code has an exit condition that can never be satisfied, causing program execution to block indefinitely. An attacker can trigger this condition remotely, without authentication and without user interaction, which classifies the attack vector as network-based with zero complexity.

Impact

An attacker can cause permanent suspension (denial of service) of the affected TIS component, and due to the high impact on the confidentiality and integrity of the parent system (SC:H, SI:H), there is a risk of destabilization of the broader environment in which TIS is deployed.

Mitigation & patch

Update datavane TIS to version v4.3.0 or newer. The patch is available as pull request #444 in the project repository on GitHub (https://github.com/datavane/tis/pull/444).

Who is affected

datavane TIS in all versions prior to v4.3.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Red
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References