CVE-2026-4923
- EPSS 0.05%
- Veröffentlicht 26.03.2026 19:02:00
- Zuletzt bearbeitet 16.04.2026 18:03:37
Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the pa...
CVE-2026-4926
- EPSS 0.05%
- Veröffentlicht 26.03.2026 18:59:38
- Zuletzt bearbeitet 16.04.2026 18:04:13
Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: ...
CVE-2026-4867
- EPSS 0.05%
- Veröffentlicht 26.03.2026 16:16:25
- Zuletzt bearbeitet 16.04.2026 18:01:04
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in path-to-rege...