A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/long_task of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
PUBLISHED5.2CWE-404
jsbroks COCO Annotator Endpoint long_task denial of service
Problem type
Affected products
jsbroks
COCO Annotator
0.11.0 - AFFECTED
0.11.1 - AFFECTED
References
VDB-344684 | jsbroks COCO Annotator Endpoint long_task denial of service
https://vuldb.com/?id.344684
VDB-344684 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.344684
Submit #745547 | coco-annotator 0.11.1 Denial of Service
https://vuldb.com/?submit.745547
github.com
https://github.com/nmmorette/vulnerability-research/blob/main/coco-anotator/Unauthenticated%20Task%20Queue%20Flood%20in%20COCO%20Annotator%202f1ef09b873680f99d39e3f7db9886fa.md
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-2108Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-2108",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-02-07T19:02:06.919Z",
"dateReserved": "2026-02-06T14:23:41.354Z",
"datePublished": "2026-02-07T19:02:06.919Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-02-07T19:02:06.919Z"
},
"title": "jsbroks COCO Annotator Endpoint long_task denial of service",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/long_task of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "jsbroks",
"product": "COCO Annotator",
"modules": [
"Endpoint"
],
"versions": [
{
"version": "0.11.0",
"status": "affected"
},
{
"version": "0.11.1",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Denial of Service",
"cweId": "CWE-404",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.344684",
"name": "VDB-344684 | jsbroks COCO Annotator Endpoint long_task denial of service",
"tags": [
"vdb-entry"
]
},
{
"url": "https://vuldb.com/?ctiid.344684",
"name": "VDB-344684 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.745547",
"name": "Submit #745547 | coco-annotator 0.11.1 Denial of Service",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/nmmorette/vulnerability-research/blob/main/coco-anotator/Unauthenticated%20Task%20Queue%20Flood%20in%20COCO%20Annotator%202f1ef09b873680f99d39e3f7db9886fa.md",
"tags": [
"exploit"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:W/RC:R",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:W/RC:R",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:W/RC:UR",
"baseScore": 5
}
}
],
"timeline": [
{
"time": "2026-02-06T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-02-06T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-02-06T15:28:50.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "nmmorette (VulDB User)",
"type": "reporter"
}
]
}
}
}