Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for path-to-regexp by pillarjs

    CVE-2026-4926 (GCVE-0-2026-4926)

    Vulnerability from nvd – Published: 2026-03-26 18:59 – Updated: 2026-06-30 12:10
    VLAI
    Title
    path-to-regexp vulnerable to Denial of Service via sequential optional groups
    Summary
    Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route patterns.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    References
    Impacted products
    Vendor Product Version
    path-to-regexp path-to-regexp Affected: 8.0.0 , < 8.4.0 (semver)
    Unaffected: 8.4.0 (semver)
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8     cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
    Create a notification for this product.
    Red Hat Cryostat 4 on RHEL 9     cpe:/a:redhat:cryostat:4::el9
    Create a notification for this product.
    Red Hat Migration Toolkit for Virtualization 2.1     cpe:/a:redhat:migration_toolkit_virtualization:2.10::el9
    Create a notification for this product.
    Red Hat Migration Toolkit for Virtualization 2.9     cpe:/a:redhat:migration_toolkit_virtualization:2.9::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6     cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat Developer Hub 1.8     cpe:/a:redhat:rhdh:1.8::el9
    Create a notification for this product.
    Red Hat Red Hat Developer Hub 1.9     cpe:/a:redhat:rhdh:1.9::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces 3.27     cpe:/a:redhat:openshift_devspaces:3.27::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift distributed tracing 3.9.3     cpe:/a:redhat:openshift_distributed_tracing:3.9::el9
    Create a notification for this product.
    Red Hat Red Hat Trusted Artifact Signer 1.3     cpe:/a:redhat:trusted_artifact_signer:1.3::el9
    Create a notification for this product.
    Red Hat Logging Subsystem for Red Hat OpenShift     cpe:/a:redhat:logging:5
    Create a notification for this product.
    Red Hat Migration Toolkit for Applications 8     cpe:/a:redhat:migration_toolkit_applications:8
    Create a notification for this product.
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat Build of Podman Desktop     cpe:/a:redhat:podman_desktop:1
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Developer Hub     cpe:/a:redhat:rhdh:1
    Create a notification for this product.
    Red Hat Red Hat Edge Manager 1     cpe:/a:redhat:edge_manager:1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat Self-service automation portal 2     cpe:/a:redhat:ansible_portal:2
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 10     cpe:/a:redhat:ansible_automation_platform:2.6::el10
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10
    Create a notification for this product.
    Red Hat Cryostat 4     cpe:/a:redhat:cryostat:4
    Create a notification for this product.
    Red Hat Network Observability Operator     cpe:/a:redhat:network_observ_optr:1
    Create a notification for this product.
    Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 2     cpe:/a:redhat:service_mesh:2
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 3     cpe:/a:redhat:service_mesh:3
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4     cpe:/a:redhat:advanced_cluster_security:4
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Red Hat Red Hat Trusted Profile Analyzer     cpe:/a:redhat:trusted_profile_analyzer:2
    Create a notification for this product.
    Credits
    uug4na blakeembrey UlisesGascon
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4926",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T19:44:44.790485Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-27T19:44:53.294Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cryostat:4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Cryostat 4 on RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_virtualization:2.10::el9"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Virtualization 2.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_virtualization:2.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Virtualization 2.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1.8::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub 1.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub 1.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3.27::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Dev Spaces 3.27",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift distributed tracing 3.9.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Trusted Artifact Signer 1.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:logging:5"
                ],
                "defaultStatus": "affected",
                "product": "Logging Subsystem for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_applications:8"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Applications 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_broker:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AMQ Broker 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:podman_desktop:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Build of Podman Desktop",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_data_grid:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Data Grid 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Edge Manager 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_fuse:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Fuse 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_single_sign_on:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Single Sign-On 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_portal:2"
                ],
                "defaultStatus": "affected",
                "product": "Self-service automation portal 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el10",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cryostat:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Cryostat 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:network_observ_optr:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Network Observability Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Advanced Cluster Security 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:apache_camel_hawtio:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat build of Apache Camel - HawtIO 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_registry:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat build of Apicurio Registry 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Virtualization 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Process Automation 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Quay 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_profile_analyzer:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Trusted Profile Analyzer",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-26T18:59:38.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of Service (DoS) due to excessive resource consumption."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1333",
                    "description": "Inefficient Regular Expression Complexity",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:10:34.415Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-4926"
              },
              {
                "name": "RHBZ#2451867",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451867"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4926.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24761"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24762"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17789"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19409"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19410"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24866"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13545"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9742"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13826"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10175"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9385"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10172"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10153"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17789: Cryostat 4 on RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19409: Migration Toolkit for Virtualization 2.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19410: Migration Toolkit for Virtualization 2.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24866: Red Hat Ansible Automation Platform 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10172: Red Hat Trusted Artifact Signer 1.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10153: Red Hat Trusted Artifact Signer 1.3"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-26T20:03:28.427Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-26T18:59:38.000Z",
                "value": "Made public."
              }
            ],
            "title": "path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, limit the use of multiple sequential optional groups in route patterns within applications that use `path-to-regexp`. Additionally, avoid directly passing user-controlled input as route patterns to prevent the generation of maliciously crafted regular expressions."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:npm/path-to-regexp",
              "product": "path-to-regexp",
              "vendor": "path-to-regexp",
              "versions": [
                {
                  "lessThan": "8.4.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "8.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "uug4na"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "blakeembrey"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "UlisesGascon"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Impact:\n\nA bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service.\n\nPatches:\n\nFixed in version 8.4.0.\n\nWorkarounds:\n\nLimit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route patterns."
                }
              ],
              "value": "Impact:\n\nA bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service.\n\nPatches:\n\nFixed in version 8.4.0.\n\nWorkarounds:\n\nLimit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route patterns."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T18:59:38.000Z",
            "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
            "shortName": "openjs"
          },
          "references": [
            {
              "url": "https://cna.openjsf.org/security-advisories.html"
            }
          ],
          "title": "path-to-regexp vulnerable to Denial of Service via sequential optional groups",
          "x_generator": {
            "engine": "cve-kit 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "assignerShortName": "openjs",
        "cveId": "CVE-2026-4926",
        "datePublished": "2026-03-26T18:59:38.000Z",
        "dateReserved": "2026-03-26T18:36:49.229Z",
        "dateUpdated": "2026-06-30T12:10:34.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4923 (GCVE-0-2026-4923)

    Vulnerability from nvd – Published: 2026-03-26 19:02 – Updated: 2026-03-27 13:58
    VLAI
    Title
    path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards
    Summary
    Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /*foo-*bar-:baz /*a-:b-*c-:d /x/*a-:b/*c/y Safe examples: /*foo-:bar /*foo-:bar-*baz Patches: Upgrade to version 8.4.0. Workarounds: If you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    References
    Impacted products
    Vendor Product Version
    path-to-regexp path-to-regexp Affected: 8.0.0 , < 8.4.0 (semver)
    Unaffected: 8.4.0 (semver)
    Create a notification for this product.
    Credits
    blakeembrey UlisesGascon
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4923",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T13:46:47.360477Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-27T13:58:03.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:npm/path-to-regexp",
              "product": "path-to-regexp",
              "vendor": "path-to-regexp",
              "versions": [
                {
                  "lessThan": "8.4.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "8.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "blakeembrey"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "UlisesGascon"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Impact:\n\nWhen using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path.\n\nUnsafe examples:\n\n/*foo-*bar-:baz\n/*a-:b-*c-:d\n/x/*a-:b/*c/y\n\nSafe examples:\n\n/*foo-:bar\n/*foo-:bar-*baz\n\nPatches:\n\nUpgrade to version 8.4.0.\n\nWorkarounds:\n\nIf you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable."
                }
              ],
              "value": "Impact:\n\nWhen using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path.\n\nUnsafe examples:\n\n/*foo-*bar-:baz\n/*a-:b-*c-:d\n/x/*a-:b/*c/y\n\nSafe examples:\n\n/*foo-:bar\n/*foo-:bar-*baz\n\nPatches:\n\nUpgrade to version 8.4.0.\n\nWorkarounds:\n\nIf you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T19:02:00.729Z",
            "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
            "shortName": "openjs"
          },
          "references": [
            {
              "url": "https://cna.openjsf.org/security-advisories.html"
            }
          ],
          "title": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards",
          "x_generator": {
            "engine": "cve-kit 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "assignerShortName": "openjs",
        "cveId": "CVE-2026-4923",
        "datePublished": "2026-03-26T19:02:00.729Z",
        "dateReserved": "2026-03-26T18:05:44.717Z",
        "dateUpdated": "2026-03-27T13:58:03.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4867 (GCVE-0-2026-4867)

    Vulnerability from nvd – Published: 2026-03-26 16:16 – Updated: 2026-03-26 16:52
    VLAI
    Title
    path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters
    Summary
    Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in path-to-regexp@0.1.12 only prevents ambiguity for two parameters. With three or more, the generated lookahead does not block single separator characters, so capture groups overlap and cause catastrophic backtracking. Patches: Upgrade to path-to-regexp@0.1.13 Custom regex patterns in route definitions (e.g., /:a-:b([^-/]+)-:c([^-/]+)) are not affected because they override the default capture group. Workarounds: All versions can be patched by providing a custom regular expression for parameters after the first in a single segment. As long as the custom regular expression does not match the text before the parameter, you will be safe. For example, change /:a-:b-:c to /:a-:b([^-/]+)-:c([^-/]+). If paths cannot be rewritten and versions cannot be upgraded, another alternative is to limit the URL length.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    Impacted products
    Vendor Product Version
    path-to-regexp path-to-regexp Affected: 0 , < 0.1.13 (semver)
    Create a notification for this product.
    Credits
    EthanKim88 blakeembrey UlisesGascon
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4867",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-26T16:52:08.810671Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-26T16:52:14.893Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:npm/path-to-regexp",
              "product": "path-to-regexp",
              "vendor": "path-to-regexp",
              "versions": [
                {
                  "lessThan": "0.1.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "EthanKim88"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "blakeembrey"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "UlisesGascon"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Impact:\n\nA bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in path-to-regexp@0.1.12 only prevents ambiguity for two parameters. With three or more, the generated lookahead does not block single separator characters, so capture groups overlap and cause catastrophic backtracking.\n\nPatches:\n\nUpgrade to path-to-regexp@0.1.13\n\nCustom regex patterns in route definitions (e.g., /:a-:b([^-/]+)-:c([^-/]+)) are not affected because they override the default capture group.\n\nWorkarounds:\n\nAll versions can be patched by providing a custom regular expression for parameters after the first in a single segment. As long as the custom regular expression does not match the text before the parameter, you will be safe. For example, change /:a-:b-:c to /:a-:b([^-/]+)-:c([^-/]+).\n\nIf paths cannot be rewritten and versions cannot be upgraded, another alternative is to limit the URL length."
                }
              ],
              "value": "Impact:\n\nA bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in path-to-regexp@0.1.12 only prevents ambiguity for two parameters. With three or more, the generated lookahead does not block single separator characters, so capture groups overlap and cause catastrophic backtracking.\n\nPatches:\n\nUpgrade to path-to-regexp@0.1.13\n\nCustom regex patterns in route definitions (e.g., /:a-:b([^-/]+)-:c([^-/]+)) are not affected because they override the default capture group.\n\nWorkarounds:\n\nAll versions can be patched by providing a custom regular expression for parameters after the first in a single segment. As long as the custom regular expression does not match the text before the parameter, you will be safe. For example, change /:a-:b-:c to /:a-:b([^-/]+)-:c([^-/]+).\n\nIf paths cannot be rewritten and versions cannot be upgraded, another alternative is to limit the URL length."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T16:16:25.501Z",
            "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
            "shortName": "openjs"
          },
          "references": [
            {
              "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j"
            },
            {
              "url": "https://blakeembrey.com/posts/2024-09-web-redos"
            },
            {
              "url": "https://cna.openjsf.org/security-advisories.html"
            }
          ],
          "title": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters",
          "x_generator": {
            "engine": "cve-kit 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "assignerShortName": "openjs",
        "cveId": "CVE-2026-4867",
        "datePublished": "2026-03-26T16:16:25.501Z",
        "dateReserved": "2026-03-25T20:11:53.714Z",
        "dateUpdated": "2026-03-26T16:52:14.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-52798 (GCVE-0-2024-52798)

    Vulnerability from nvd – Published: 2024-12-05 22:45 – Updated: 2025-01-24 20:03
    VLAI
    Title
    path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x
    Summary
    path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    Impacted products
    Vendor Product Version
    pillarjs path-to-regexp Affected: < 0.1.12
    Create a notification for this product.
    pillarjs path-to-regexp Affected: 0 , < 0.1.12 (custom)
        cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "path-to-regexp",
                "vendor": "pillarjs",
                "versions": [
                  {
                    "lessThan": "0.1.12",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52798",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T14:53:29.827845Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-09T14:54:43.939Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-01-24T20:03:11.852Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250124-0002/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "path-to-regexp",
              "vendor": "pillarjs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.1.12"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-05T22:45:42.774Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w"
            },
            {
              "name": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4"
            }
          ],
          "source": {
            "advisory": "GHSA-rhx6-c78j-4q9w",
            "discovery": "UNKNOWN"
          },
          "title": "path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-52798",
        "datePublished": "2024-12-05T22:45:42.774Z",
        "dateReserved": "2024-11-15T17:11:13.440Z",
        "dateUpdated": "2025-01-24T20:03:11.852Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45296 (GCVE-0-2024-45296)

    Vulnerability from nvd – Published: 2024-09-09 19:07 – Updated: 2025-01-24 20:03
    VLAI
    Title
    path-to-regexp outputs backtracking regular expressions
    Summary
    path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    Impacted products
    Vendor Product Version
    pillarjs path-to-regexp Affected: < 0.1.10
    Affected: >= 0.2.0, < 8.0.0
    Create a notification for this product.
    pillarjs path-to-regexp Affected: 0 , < 0.1.0 (custom)
    Affected: 0.2.0 , < 8.0.0 (custom)
        cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "path-to-regexp",
                "vendor": "pillarjs",
                "versions": [
                  {
                    "lessThan": "0.1.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.0",
                    "status": "affected",
                    "version": "0.2.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45296",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T19:32:57.513942Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T19:38:12.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-01-24T20:03:07.723Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250124-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "path-to-regexp",
              "vendor": "pillarjs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.1.10"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.2.0, \u003c 8.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-09T19:07:40.313Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
            },
            {
              "name": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
            },
            {
              "name": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
            }
          ],
          "source": {
            "advisory": "GHSA-9wv6-86v2-598j",
            "discovery": "UNKNOWN"
          },
          "title": "path-to-regexp outputs backtracking regular expressions"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-45296",
        "datePublished": "2024-09-09T19:07:40.313Z",
        "dateReserved": "2024-08-26T18:25:35.442Z",
        "dateUpdated": "2025-01-24T20:03:07.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-4923 (GCVE-0-2026-4923)

    Vulnerability from cvelistv5 – Published: 2026-03-26 19:02 – Updated: 2026-03-27 13:58
    VLAI
    Title
    path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards
    Summary
    Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /*foo-*bar-:baz /*a-:b-*c-:d /x/*a-:b/*c/y Safe examples: /*foo-:bar /*foo-:bar-*baz Patches: Upgrade to version 8.4.0. Workarounds: If you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    References
    Impacted products
    Vendor Product Version
    path-to-regexp path-to-regexp Affected: 8.0.0 , < 8.4.0 (semver)
    Unaffected: 8.4.0 (semver)
    Create a notification for this product.
    Credits
    blakeembrey UlisesGascon
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4923",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T13:46:47.360477Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-27T13:58:03.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:npm/path-to-regexp",
              "product": "path-to-regexp",
              "vendor": "path-to-regexp",
              "versions": [
                {
                  "lessThan": "8.4.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "8.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "blakeembrey"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "UlisesGascon"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Impact:\n\nWhen using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path.\n\nUnsafe examples:\n\n/*foo-*bar-:baz\n/*a-:b-*c-:d\n/x/*a-:b/*c/y\n\nSafe examples:\n\n/*foo-:bar\n/*foo-:bar-*baz\n\nPatches:\n\nUpgrade to version 8.4.0.\n\nWorkarounds:\n\nIf you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable."
                }
              ],
              "value": "Impact:\n\nWhen using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path.\n\nUnsafe examples:\n\n/*foo-*bar-:baz\n/*a-:b-*c-:d\n/x/*a-:b/*c/y\n\nSafe examples:\n\n/*foo-:bar\n/*foo-:bar-*baz\n\nPatches:\n\nUpgrade to version 8.4.0.\n\nWorkarounds:\n\nIf you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T19:02:00.729Z",
            "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
            "shortName": "openjs"
          },
          "references": [
            {
              "url": "https://cna.openjsf.org/security-advisories.html"
            }
          ],
          "title": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards",
          "x_generator": {
            "engine": "cve-kit 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "assignerShortName": "openjs",
        "cveId": "CVE-2026-4923",
        "datePublished": "2026-03-26T19:02:00.729Z",
        "dateReserved": "2026-03-26T18:05:44.717Z",
        "dateUpdated": "2026-03-27T13:58:03.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4926 (GCVE-0-2026-4926)

    Vulnerability from cvelistv5 – Published: 2026-03-26 18:59 – Updated: 2026-06-30 12:10
    VLAI
    Title
    path-to-regexp vulnerable to Denial of Service via sequential optional groups
    Summary
    Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route patterns.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    References
    Impacted products
    Vendor Product Version
    path-to-regexp path-to-regexp Affected: 8.0.0 , < 8.4.0 (semver)
    Unaffected: 8.4.0 (semver)
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8     cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
    Create a notification for this product.
    Red Hat Cryostat 4 on RHEL 9     cpe:/a:redhat:cryostat:4::el9
    Create a notification for this product.
    Red Hat Migration Toolkit for Virtualization 2.1     cpe:/a:redhat:migration_toolkit_virtualization:2.10::el9
    Create a notification for this product.
    Red Hat Migration Toolkit for Virtualization 2.9     cpe:/a:redhat:migration_toolkit_virtualization:2.9::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6     cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat Developer Hub 1.8     cpe:/a:redhat:rhdh:1.8::el9
    Create a notification for this product.
    Red Hat Red Hat Developer Hub 1.9     cpe:/a:redhat:rhdh:1.9::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces 3.27     cpe:/a:redhat:openshift_devspaces:3.27::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift distributed tracing 3.9.3     cpe:/a:redhat:openshift_distributed_tracing:3.9::el9
    Create a notification for this product.
    Red Hat Red Hat Trusted Artifact Signer 1.3     cpe:/a:redhat:trusted_artifact_signer:1.3::el9
    Create a notification for this product.
    Red Hat Logging Subsystem for Red Hat OpenShift     cpe:/a:redhat:logging:5
    Create a notification for this product.
    Red Hat Migration Toolkit for Applications 8     cpe:/a:redhat:migration_toolkit_applications:8
    Create a notification for this product.
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat Build of Podman Desktop     cpe:/a:redhat:podman_desktop:1
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Developer Hub     cpe:/a:redhat:rhdh:1
    Create a notification for this product.
    Red Hat Red Hat Edge Manager 1     cpe:/a:redhat:edge_manager:1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat Self-service automation portal 2     cpe:/a:redhat:ansible_portal:2
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 10     cpe:/a:redhat:ansible_automation_platform:2.6::el10
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10
    Create a notification for this product.
    Red Hat Cryostat 4     cpe:/a:redhat:cryostat:4
    Create a notification for this product.
    Red Hat Network Observability Operator     cpe:/a:redhat:network_observ_optr:1
    Create a notification for this product.
    Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 2     cpe:/a:redhat:service_mesh:2
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 3     cpe:/a:redhat:service_mesh:3
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4     cpe:/a:redhat:advanced_cluster_security:4
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Red Hat Red Hat Trusted Profile Analyzer     cpe:/a:redhat:trusted_profile_analyzer:2
    Create a notification for this product.
    Credits
    uug4na blakeembrey UlisesGascon
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4926",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T19:44:44.790485Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-27T19:44:53.294Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cryostat:4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Cryostat 4 on RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_virtualization:2.10::el9"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Virtualization 2.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_virtualization:2.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Virtualization 2.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1.8::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub 1.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub 1.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3.27::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Dev Spaces 3.27",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift distributed tracing 3.9.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Trusted Artifact Signer 1.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:logging:5"
                ],
                "defaultStatus": "affected",
                "product": "Logging Subsystem for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_applications:8"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Applications 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_broker:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AMQ Broker 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:podman_desktop:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Build of Podman Desktop",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_data_grid:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Data Grid 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Edge Manager 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_fuse:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Fuse 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_single_sign_on:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Single Sign-On 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_portal:2"
                ],
                "defaultStatus": "affected",
                "product": "Self-service automation portal 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el10",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cryostat:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Cryostat 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:network_observ_optr:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Network Observability Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Advanced Cluster Security 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:apache_camel_hawtio:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat build of Apache Camel - HawtIO 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_registry:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat build of Apicurio Registry 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Virtualization 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Process Automation 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Quay 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_profile_analyzer:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Trusted Profile Analyzer",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-26T18:59:38.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of Service (DoS) due to excessive resource consumption."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1333",
                    "description": "Inefficient Regular Expression Complexity",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:10:34.415Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-4926"
              },
              {
                "name": "RHBZ#2451867",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451867"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4926.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24761"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24762"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17789"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19409"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19410"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24866"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13545"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9742"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13826"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10175"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9385"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10172"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10153"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17789: Cryostat 4 on RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19409: Migration Toolkit for Virtualization 2.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19410: Migration Toolkit for Virtualization 2.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24866: Red Hat Ansible Automation Platform 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10172: Red Hat Trusted Artifact Signer 1.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10153: Red Hat Trusted Artifact Signer 1.3"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-26T20:03:28.427Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-26T18:59:38.000Z",
                "value": "Made public."
              }
            ],
            "title": "path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, limit the use of multiple sequential optional groups in route patterns within applications that use `path-to-regexp`. Additionally, avoid directly passing user-controlled input as route patterns to prevent the generation of maliciously crafted regular expressions."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:npm/path-to-regexp",
              "product": "path-to-regexp",
              "vendor": "path-to-regexp",
              "versions": [
                {
                  "lessThan": "8.4.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "8.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "uug4na"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "blakeembrey"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "UlisesGascon"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Impact:\n\nA bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service.\n\nPatches:\n\nFixed in version 8.4.0.\n\nWorkarounds:\n\nLimit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route patterns."
                }
              ],
              "value": "Impact:\n\nA bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service.\n\nPatches:\n\nFixed in version 8.4.0.\n\nWorkarounds:\n\nLimit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route patterns."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T18:59:38.000Z",
            "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
            "shortName": "openjs"
          },
          "references": [
            {
              "url": "https://cna.openjsf.org/security-advisories.html"
            }
          ],
          "title": "path-to-regexp vulnerable to Denial of Service via sequential optional groups",
          "x_generator": {
            "engine": "cve-kit 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "assignerShortName": "openjs",
        "cveId": "CVE-2026-4926",
        "datePublished": "2026-03-26T18:59:38.000Z",
        "dateReserved": "2026-03-26T18:36:49.229Z",
        "dateUpdated": "2026-06-30T12:10:34.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4867 (GCVE-0-2026-4867)

    Vulnerability from cvelistv5 – Published: 2026-03-26 16:16 – Updated: 2026-03-26 16:52
    VLAI
    Title
    path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters
    Summary
    Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in path-to-regexp@0.1.12 only prevents ambiguity for two parameters. With three or more, the generated lookahead does not block single separator characters, so capture groups overlap and cause catastrophic backtracking. Patches: Upgrade to path-to-regexp@0.1.13 Custom regex patterns in route definitions (e.g., /:a-:b([^-/]+)-:c([^-/]+)) are not affected because they override the default capture group. Workarounds: All versions can be patched by providing a custom regular expression for parameters after the first in a single segment. As long as the custom regular expression does not match the text before the parameter, you will be safe. For example, change /:a-:b-:c to /:a-:b([^-/]+)-:c([^-/]+). If paths cannot be rewritten and versions cannot be upgraded, another alternative is to limit the URL length.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    Impacted products
    Vendor Product Version
    path-to-regexp path-to-regexp Affected: 0 , < 0.1.13 (semver)
    Create a notification for this product.
    Credits
    EthanKim88 blakeembrey UlisesGascon
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4867",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-26T16:52:08.810671Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-26T16:52:14.893Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:npm/path-to-regexp",
              "product": "path-to-regexp",
              "vendor": "path-to-regexp",
              "versions": [
                {
                  "lessThan": "0.1.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "EthanKim88"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "blakeembrey"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "UlisesGascon"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Impact:\n\nA bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in path-to-regexp@0.1.12 only prevents ambiguity for two parameters. With three or more, the generated lookahead does not block single separator characters, so capture groups overlap and cause catastrophic backtracking.\n\nPatches:\n\nUpgrade to path-to-regexp@0.1.13\n\nCustom regex patterns in route definitions (e.g., /:a-:b([^-/]+)-:c([^-/]+)) are not affected because they override the default capture group.\n\nWorkarounds:\n\nAll versions can be patched by providing a custom regular expression for parameters after the first in a single segment. As long as the custom regular expression does not match the text before the parameter, you will be safe. For example, change /:a-:b-:c to /:a-:b([^-/]+)-:c([^-/]+).\n\nIf paths cannot be rewritten and versions cannot be upgraded, another alternative is to limit the URL length."
                }
              ],
              "value": "Impact:\n\nA bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in path-to-regexp@0.1.12 only prevents ambiguity for two parameters. With three or more, the generated lookahead does not block single separator characters, so capture groups overlap and cause catastrophic backtracking.\n\nPatches:\n\nUpgrade to path-to-regexp@0.1.13\n\nCustom regex patterns in route definitions (e.g., /:a-:b([^-/]+)-:c([^-/]+)) are not affected because they override the default capture group.\n\nWorkarounds:\n\nAll versions can be patched by providing a custom regular expression for parameters after the first in a single segment. As long as the custom regular expression does not match the text before the parameter, you will be safe. For example, change /:a-:b-:c to /:a-:b([^-/]+)-:c([^-/]+).\n\nIf paths cannot be rewritten and versions cannot be upgraded, another alternative is to limit the URL length."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T16:16:25.501Z",
            "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
            "shortName": "openjs"
          },
          "references": [
            {
              "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j"
            },
            {
              "url": "https://blakeembrey.com/posts/2024-09-web-redos"
            },
            {
              "url": "https://cna.openjsf.org/security-advisories.html"
            }
          ],
          "title": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters",
          "x_generator": {
            "engine": "cve-kit 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "assignerShortName": "openjs",
        "cveId": "CVE-2026-4867",
        "datePublished": "2026-03-26T16:16:25.501Z",
        "dateReserved": "2026-03-25T20:11:53.714Z",
        "dateUpdated": "2026-03-26T16:52:14.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-52798 (GCVE-0-2024-52798)

    Vulnerability from cvelistv5 – Published: 2024-12-05 22:45 – Updated: 2025-01-24 20:03
    VLAI
    Title
    path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x
    Summary
    path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    Impacted products
    Vendor Product Version
    pillarjs path-to-regexp Affected: < 0.1.12
    Create a notification for this product.
    pillarjs path-to-regexp Affected: 0 , < 0.1.12 (custom)
        cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "path-to-regexp",
                "vendor": "pillarjs",
                "versions": [
                  {
                    "lessThan": "0.1.12",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52798",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T14:53:29.827845Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-09T14:54:43.939Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-01-24T20:03:11.852Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250124-0002/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "path-to-regexp",
              "vendor": "pillarjs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.1.12"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-05T22:45:42.774Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w"
            },
            {
              "name": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4"
            }
          ],
          "source": {
            "advisory": "GHSA-rhx6-c78j-4q9w",
            "discovery": "UNKNOWN"
          },
          "title": "path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-52798",
        "datePublished": "2024-12-05T22:45:42.774Z",
        "dateReserved": "2024-11-15T17:11:13.440Z",
        "dateUpdated": "2025-01-24T20:03:11.852Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45296 (GCVE-0-2024-45296)

    Vulnerability from cvelistv5 – Published: 2024-09-09 19:07 – Updated: 2025-01-24 20:03
    VLAI
    Title
    path-to-regexp outputs backtracking regular expressions
    Summary
    path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    Impacted products
    Vendor Product Version
    pillarjs path-to-regexp Affected: < 0.1.10
    Affected: >= 0.2.0, < 8.0.0
    Create a notification for this product.
    pillarjs path-to-regexp Affected: 0 , < 0.1.0 (custom)
    Affected: 0.2.0 , < 8.0.0 (custom)
        cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "path-to-regexp",
                "vendor": "pillarjs",
                "versions": [
                  {
                    "lessThan": "0.1.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.0",
                    "status": "affected",
                    "version": "0.2.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45296",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T19:32:57.513942Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T19:38:12.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-01-24T20:03:07.723Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250124-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "path-to-regexp",
              "vendor": "pillarjs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.1.10"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.2.0, \u003c 8.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-09T19:07:40.313Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
            },
            {
              "name": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
            },
            {
              "name": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
            }
          ],
          "source": {
            "advisory": "GHSA-9wv6-86v2-598j",
            "discovery": "UNKNOWN"
          },
          "title": "path-to-regexp outputs backtracking regular expressions"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-45296",
        "datePublished": "2024-09-09T19:07:40.313Z",
        "dateReserved": "2024-08-26T18:25:35.442Z",
        "dateUpdated": "2025-01-24T20:03:07.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }