jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constraint (default: 500) defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. This allows a user to supply a JSON document with excessive nesting, which can cause a StackOverflowError when the structure is processed, leading to a Denial of Service (DoS). This issue has been patched in version 3.1.0.

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103713 advisory.

  - This DoS (Denial of Service) vulnerability allows an unauthenticated attacker to cause a resource to be   unavailable for its intended users by temporarily or indefinitely disrupting services of a host connected to   a network. (CVE-2026-29062)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16576 advisory.

  - jackson-core contains core low-level incremental (streaming) parser and generator abstractions used by     Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is     used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constraint (default: 500)     defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. This allows a user     to supply a JSON document with excessive nesting, which can cause a StackOverflowError when the structure     is processed, leading to a Denial of Service (DoS). This issue has been patched in version 3.1.0.
    (CVE-2026-29062)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - jackson-core contains core low-level incremental (streaming) parser and generator abstractions used by     Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is     used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constraint (default: 500)     defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. This allows a user     to supply a JSON document with excessive nesting, which can cause a StackOverflowError when the structure     is processed, leading to a Denial of Service (DoS). This issue has been patched in version 3.1.0.
    (CVE-2026-29062)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
316796	Atlassian Confluence 10.1.1 < 10.2.11 (CONFSERVER-103713)	Nessus	CGI abuses	high
316516	Atlassian Jira Service Management Data Center and Server 11.2.0 < 11.3.5 (JSDSERVER-16576)	Nessus	Misc.	high
301708	Linux Distros Unpatched Vulnerability : CVE-2026-29062	Nessus	Misc.	high

Detections

Analytics

CVE-2026-29062

high

Tenable Plugins

high

high

high