IBM Qiskit SDK 0.43.0-2.5.0: Parser Recursion Causing Segfault DoS
CVE-2026-4870 Published on June 12, 2026

In Qiskit SDK, specific functions may recurse too deeply and overflow the available stack space when encountering certain classical expressions.
IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser.


Vulnerability Analysis

CVE-2026-4870 is exploitable with network access and requires neither privileges nor user interaction. Its attack complexity is considered low. A successful exploit is considered to have no impact on confidentiality or integrity and a high impact on availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Products Associated with CVE-2026-4870


Affected Versions

IBM Qiskit SDK: