Vulnerability-Lookup

WID-SEC-W-2026-0752

Vulnerability from csaf_certbund - Published: 2026-03-16 23:00 - Updated: 2026-06-07 22:00

Summary

IBM SPSS: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: IBM SPSS ist ein umfassendes Set von Daten- und prognostischen Analyse-Tools für Geschäftsbenutzer, Analysten und Statistik-Programmierer.

Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM SPSS ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, um einen Denial of Service Angriff durchzuführen, und um Dateien zu manipulieren.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2025-59057

Affected products

Known affected 6 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
IBM SPSS <9.0.0.0 IF002 IBM / SPSS		<9.0.0.0 IF002
IBM Storage Scale <5.2.3.7 IBM / Storage Scale		<5.2.3.7

CVE-2025-64718

Affected products

Known affected 6 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
IBM SPSS <9.0.0.0 IF002 IBM / SPSS		<9.0.0.0 IF002
IBM Storage Scale <5.2.3.7 IBM / Storage Scale		<5.2.3.7

CVE-2025-68470

Affected products

Known affected 6 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
IBM SPSS <9.0.0.0 IF002 IBM / SPSS		<9.0.0.0 IF002
IBM Storage Scale <5.2.3.7 IBM / Storage Scale		<5.2.3.7

CVE-2026-21884

Affected products

Known affected 6 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
IBM SPSS <9.0.0.0 IF002 IBM / SPSS		<9.0.0.0 IF002
IBM Storage Scale <5.2.3.7 IBM / Storage Scale		<5.2.3.7

CVE-2026-22029

Affected products

Known affected 6 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
IBM SPSS <9.0.0.0 IF002 IBM / SPSS		<9.0.0.0 IF002
IBM Storage Scale <5.2.3.7 IBM / Storage Scale		<5.2.3.7

CVE-2026-22030

Affected products

Known affected 6 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
IBM SPSS <9.0.0.0 IF002 IBM / SPSS		<9.0.0.0 IF002
IBM Storage Scale <5.2.3.7 IBM / Storage Scale		<5.2.3.7

CVE-2026-26996

Affected products

Known affected 6 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
IBM SPSS <9.0.0.0 IF002 IBM / SPSS		<9.0.0.0 IF002
IBM Storage Scale <5.2.3.7 IBM / Storage Scale		<5.2.3.7

CVE-2026-27903

Affected products

Known affected 6 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
IBM SPSS <9.0.0.0 IF002 IBM / SPSS		<9.0.0.0 IF002
IBM Storage Scale <5.2.3.7 IBM / Storage Scale		<5.2.3.7

CVE-2026-27904

Affected products

Known affected 6 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:-`	—
IBM SPSS <9.0.0.0 IF002 IBM / SPSS		<9.0.0.0 IF002
IBM Storage Scale <5.2.3.7 IBM / Storage Scale		<5.2.3.7

References

9 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7266375	external
https://www.ibm.com/support/pages/node/7267856	external
https://access.redhat.com/errata/RHSA-2026:7670	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.ibm.com/support/pages/node/7271910	external
https://access.redhat.com/errata/RHSA-2026:18054	external
https://www.ibm.com/support/pages/node/7275269	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM SPSS ist ein umfassendes Set von Daten- und prognostischen Analyse-Tools f\u00fcr Gesch\u00e4ftsbenutzer, Analysten und Statistik-Programmierer.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in IBM SPSS ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, und um Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0752 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0752.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0752 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0752"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2026-03-16",
        "url": "https://www.ibm.com/support/pages/node/7266375"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7267856 vom 2026-03-27",
        "url": "https://www.ibm.com/support/pages/node/7267856"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:7670 vom 2026-04-13",
        "url": "https://access.redhat.com/errata/RHSA-2026:7670"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21111-1 vom 2026-04-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025372.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7271910 vom 2026-05-06",
        "url": "https://www.ibm.com/support/pages/node/7271910"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:18054 vom 2026-05-18",
        "url": "https://access.redhat.com/errata/RHSA-2026:18054"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7275269 vom 2026-06-05",
        "url": "https://www.ibm.com/support/pages/node/7275269"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM SPSS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-07T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-08T09:27:56.255+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-0752",
      "initial_release_date": "2026-03-16T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-03-16T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-29T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-04-12T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-04-15T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-05-06T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-05-18T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-07T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM App Connect Enterprise",
                "product": {
                  "name": "IBM App Connect Enterprise",
                  "product_id": "T032495",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:-"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM App Connect Enterprise",
                "product": {
                  "name": "IBM App Connect Enterprise",
                  "product_id": "T052517",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "App Connect Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.0.0.0 IF002",
                "product": {
                  "name": "IBM SPSS \u003c9.0.0.0 IF002",
                  "product_id": "T051782"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.0.0 IF002",
                "product": {
                  "name": "IBM SPSS 9.0.0.0 IF002",
                  "product_id": "T051782-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spss:9.0.0.0_if002"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SPSS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.2.3.7",
                "product": {
                  "name": "IBM Storage Scale \u003c5.2.3.7",
                  "product_id": "T055026"
                }
              },
              {
                "category": "product_version",
                "name": "5.2.3.7",
                "product": {
                  "name": "IBM Storage Scale 5.2.3.7",
                  "product_id": "T055026-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_scale:5.2.3.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Storage Scale"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59057",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052517",
          "67646",
          "T032495",
          "T051782",
          "T055026"
        ]
      },
      "release_date": "2026-03-16T23:00:00.000+00:00",
      "title": "CVE-2025-59057"
    },
    {
      "cve": "CVE-2025-64718",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052517",
          "67646",
          "T032495",
          "T051782",
          "T055026"
        ]
      },
      "release_date": "2026-03-16T23:00:00.000+00:00",
      "title": "CVE-2025-64718"
    },
    {
      "cve": "CVE-2025-68470",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052517",
          "67646",
          "T032495",
          "T051782",
          "T055026"
        ]
      },
      "release_date": "2026-03-16T23:00:00.000+00:00",
      "title": "CVE-2025-68470"
    },
    {
      "cve": "CVE-2026-21884",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052517",
          "67646",
          "T032495",
          "T051782",
          "T055026"
        ]
      },
      "release_date": "2026-03-16T23:00:00.000+00:00",
      "title": "CVE-2026-21884"
    },
    {
      "cve": "CVE-2026-22029",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052517",
          "67646",
          "T032495",
          "T051782",
          "T055026"
        ]
      },
      "release_date": "2026-03-16T23:00:00.000+00:00",
      "title": "CVE-2026-22029"
    },
    {
      "cve": "CVE-2026-22030",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052517",
          "67646",
          "T032495",
          "T051782",
          "T055026"
        ]
      },
      "release_date": "2026-03-16T23:00:00.000+00:00",
      "title": "CVE-2026-22030"
    },
    {
      "cve": "CVE-2026-26996",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052517",
          "67646",
          "T032495",
          "T051782",
          "T055026"
        ]
      },
      "release_date": "2026-03-16T23:00:00.000+00:00",
      "title": "CVE-2026-26996"
    },
    {
      "cve": "CVE-2026-27903",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052517",
          "67646",
          "T032495",
          "T051782",
          "T055026"
        ]
      },
      "release_date": "2026-03-16T23:00:00.000+00:00",
      "title": "CVE-2026-27903"
    },
    {
      "cve": "CVE-2026-27904",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052517",
          "67646",
          "T032495",
          "T051782",
          "T055026"
        ]
      },
      "release_date": "2026-03-16T23:00:00.000+00:00",
      "title": "CVE-2026-27904"
    }
  ]
}

CVE-2025-59057 (GCVE-0-2025-59057)

Vulnerability from cvelistv5 – Published: 2026-01-10 02:40 – Updated: 2026-01-12 18:12

Title

React Router has XSS Vulnerability

Summary

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta()/<Meta> APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. There is no impact if the application is being used in Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>). This issue has been patched in @remix-run/react version 2.17.1 and react-router version 7.9.0.

Severity

7.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/remix-run/react-router/securit…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
remix-run	react-router	Affected: @remix-run/react >= 1.15.0, < 2.17.1 Affected: react-router >= 7.0.0, < 7.9.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59057",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-12T18:12:33.289843Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-12T18:12:43.462Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "react-router",
          "vendor": "remix-run",
          "versions": [
            {
              "status": "affected",
              "version": "@remix-run/react \u003e= 1.15.0, \u003c 2.17.1"
            },
            {
              "status": "affected",
              "version": "react-router  \u003e= 7.0.0, \u003c 7.9.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router\u0027s meta()/\u003cMeta\u003e APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. There is no impact if the application is being used in Declarative Mode (\u003cBrowserRouter\u003e) or Data Mode (createBrowserRouter/\u003cRouterProvider\u003e). This issue has been patched in @remix-run/react version 2.17.1 and react-router version 7.9.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-10T02:40:25.142Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/remix-run/react-router/security/advisories/GHSA-3cgp-3xvw-98x8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/remix-run/react-router/security/advisories/GHSA-3cgp-3xvw-98x8"
        }
      ],
      "source": {
        "advisory": "GHSA-3cgp-3xvw-98x8",
        "discovery": "UNKNOWN"
      },
      "title": "React Router has XSS Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-59057",
    "datePublished": "2026-01-10T02:40:25.142Z",
    "dateReserved": "2025-09-08T16:19:26.173Z",
    "dateUpdated": "2026-01-12T18:12:43.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-64718 (GCVE-0-2025-64718)

Vulnerability from cvelistv5 – Published: 2025-11-13 15:32 – Updated: 2026-01-29 22:08

Title

js-yaml has prototype pollution in merge (<<)

Summary

js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Assigner

GitHub_M

References

5 references

URL	Tags
https://github.com/nodeca/js-yaml/security/adviso…	x_refsource_CONFIRM
https://github.com/nodeca/js-yaml/issues/730#issu…	x_refsource_MISC
https://github.com/nodeca/js-yaml/commit/383665ff…	x_refsource_MISC
https://github.com/nodeca/js-yaml/commit/5278870a…	x_refsource_MISC
https://github.com/advisories/GHSA-mh29-5h37-fv8m

Impacted products

1 product

Vendor	Product	Version
nodeca	js-yaml	Affected: >= 4.0.0, < 4.1.1 Affected: < 3.14.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64718",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-13T16:18:01.997938Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-13T16:18:39.270Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-01-21T14:38:16.644Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "js-yaml",
          "vendor": "nodeca",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.1.1"
            },
            {
              "status": "affected",
              "version": "\u003c 3.14.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it\u0027s possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-29T22:08:30.431Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m"
        },
        {
          "name": "https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876"
        },
        {
          "name": "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"
        },
        {
          "name": "https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266"
        }
      ],
      "source": {
        "advisory": "GHSA-mh29-5h37-fv8m",
        "discovery": "UNKNOWN"
      },
      "title": "js-yaml has prototype pollution in merge (\u003c\u003c)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-64718",
    "datePublished": "2025-11-13T15:32:44.634Z",
    "dateReserved": "2025-11-10T14:07:42.922Z",
    "dateUpdated": "2026-01-29T22:08:30.431Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68470 (GCVE-0-2025-68470)

Vulnerability from cvelistv5 – Published: 2026-01-10 02:39 – Updated: 2026-01-12 18:17

Title

React Router has unexpected external redirect via untrusted paths

Summary

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), <Link>, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/remix-run/react-router/securit…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
remix-run	react-router	Affected: >= 7.0.0, < 7.9.6 Affected: >= 6.0.0, < 6.30.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68470",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-12T18:17:37.258808Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-12T18:17:43.794Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "react-router",
          "vendor": "remix-run",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 7.0.0, \u003c 7.9.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0, \u003c 6.30.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), \u003cLink\u003e, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-10T02:39:41.078Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m"
        }
      ],
      "source": {
        "advisory": "GHSA-9jcx-v3wj-wh4m",
        "discovery": "UNKNOWN"
      },
      "title": "React Router has unexpected external redirect via untrusted paths"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-68470",
    "datePublished": "2026-01-10T02:39:41.078Z",
    "dateReserved": "2025-12-18T13:48:59.555Z",
    "dateUpdated": "2026-01-12T18:17:43.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21884 (GCVE-0-2026-21884)

Vulnerability from cvelistv5 – Published: 2026-01-10 02:41 – Updated: 2026-02-26 15:04

Title

React Router SSR XSS in ScrollRestoration

Summary

React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's <ScrollRestoration> API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. There is no impact if server-side rendering in Framework Mode is disabled, or if Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>) is being used. This issue has been patched in @remix-run/react version 2.17.3 and react-router version 7.12.0.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/remix-run/react-router/securit…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
remix-run	react-router	Affected: @remix-run/react < 2.17.3 Affected: react-router >= 7.0.0, < 7.12.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21884",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T04:55:52.068631Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:51.084Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "react-router",
          "vendor": "remix-run",
          "versions": [
            {
              "status": "affected",
              "version": "@remix-run/react \u003c 2.17.3"
            },
            {
              "status": "affected",
              "version": "react-router  \u003e= 7.0.0, \u003c 7.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router\u0027s \u003cScrollRestoration\u003e API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. There is no impact if server-side rendering in Framework Mode is disabled, or if Declarative Mode (\u003cBrowserRouter\u003e) or Data Mode (createBrowserRouter/\u003cRouterProvider\u003e) is being used. This issue has been patched in @remix-run/react version 2.17.3 and react-router version 7.12.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-10T02:41:44.944Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/remix-run/react-router/security/advisories/GHSA-8v8x-cx79-35w7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/remix-run/react-router/security/advisories/GHSA-8v8x-cx79-35w7"
        }
      ],
      "source": {
        "advisory": "GHSA-8v8x-cx79-35w7",
        "discovery": "UNKNOWN"
      },
      "title": "React Router SSR XSS in ScrollRestoration"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-21884",
    "datePublished": "2026-01-10T02:41:44.944Z",
    "dateReserved": "2026-01-05T17:24:36.928Z",
    "dateUpdated": "2026-02-26T15:04:51.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22029 (GCVE-0-2026-22029)

Vulnerability from cvelistv5 – Published: 2026-01-10 02:42 – Updated: 2026-06-02 16:58

Title

React Router vulnerable to XSS via Open Redirects

Summary

React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (<BrowserRouter>) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.

Severity

8 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/remix-run/react-router/securit…	x_refsource_CONFIRM

Impacted products

2 products

Vendor	Product	Version
remix-run	react-router	Affected: >= 7.0.0, < 7.12.0
remix-run	@remix-run/router	Affected: < 1.23.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22029",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T04:55:53.265498Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:50.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "react-router",
          "vendor": "remix-run",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 7.0.0, \u003c 7.12.0"
            }
          ]
        },
        {
          "product": "@remix-run/router",
          "vendor": "remix-run",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.23.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T16:58:42.516Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
        }
      ],
      "source": {
        "advisory": "GHSA-2w69-qvjg-hvjx",
        "discovery": "UNKNOWN"
      },
      "title": "React Router vulnerable to XSS via Open Redirects"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22029",
    "datePublished": "2026-01-10T02:42:32.736Z",
    "dateReserved": "2026-01-05T22:30:38.718Z",
    "dateUpdated": "2026-06-02T16:58:42.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22030 (GCVE-0-2026-22030)

Vulnerability from cvelistv5 – Published: 2026-01-10 02:42 – Updated: 2026-01-12 18:09

Title

React Router has CSRF issue in Action/Server Action Request Processing

Summary

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router (or Remix v2) is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. There is no impact if Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>) is being used. This issue has been patched in @remix-run/server-runtime version 2.17.3 and react-router version 7.12.0.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-346 - Origin Validation Error
CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/remix-run/react-router/securit…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
remix-run	react-router	Affected: @remix-run/router < 2.17.3 Affected: react-router >= 7.0.0, < 7.12.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22030",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-12T18:09:33.609212Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-12T18:09:39.441Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "react-router",
          "vendor": "remix-run",
          "versions": [
            {
              "status": "affected",
              "version": "@remix-run/router \u003c 2.17.3"
            },
            {
              "status": "affected",
              "version": "react-router  \u003e= 7.0.0, \u003c 7.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router (or Remix v2) is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) or Data Mode (createBrowserRouter/\u003cRouterProvider\u003e) is being used. This issue has been patched in @remix-run/server-runtime version 2.17.3 and react-router version 7.12.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "CWE-346: Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-10T02:42:44.603Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/remix-run/react-router/security/advisories/GHSA-h5cw-625j-3rxh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/remix-run/react-router/security/advisories/GHSA-h5cw-625j-3rxh"
        }
      ],
      "source": {
        "advisory": "GHSA-h5cw-625j-3rxh",
        "discovery": "UNKNOWN"
      },
      "title": "React Router has CSRF issue in Action/Server Action Request Processing"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22030",
    "datePublished": "2026-01-10T02:42:44.603Z",
    "dateReserved": "2026-01-05T22:30:38.718Z",
    "dateUpdated": "2026-01-12T18:09:39.441Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-26996 (GCVE-0-2026-26996)

Vulnerability from cvelistv5 – Published: 2026-02-20 03:05 – Updated: 2026-02-20 15:34

Title

minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

Summary

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.

Severity

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1333 - Inefficient Regular Expression Complexity

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/isaacs/minimatch/security/advi…	x_refsource_CONFIRM
https://github.com/isaacs/minimatch/commit/2e111f…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
isaacs	minimatch	Affected: < 10.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26996",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-20T15:31:36.544113Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-20T15:34:15.151Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "minimatch",
          "vendor": "isaacs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 10.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn\u0027t appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8\u0027s regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333: Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-20T03:05:21.105Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
        },
        {
          "name": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
        }
      ],
      "source": {
        "advisory": "GHSA-3ppc-4f35-3m26",
        "discovery": "UNKNOWN"
      },
      "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-26996",
    "datePublished": "2026-02-20T03:05:21.105Z",
    "dateReserved": "2026-02-17T01:41:24.607Z",
    "dateUpdated": "2026-02-20T15:34:15.151Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-27903 (GCVE-0-2026-27903)

Vulnerability from cvelistv5 – Published: 2026-02-26 01:06 – Updated: 2026-02-26 19:20

Title

minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

Summary

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-407 - Inefficient Algorithmic Complexity

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/isaacs/minimatch/security/advi…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
isaacs	minimatch	Affected: >= 10.0.0, < 10.2.3 Affected: >= 9.0.0, < 9.0.7 Affected: >= 8.0.0, < 8.0.6 Affected: >= 7.0.0, < 7.4.8 Affected: >= 6.0.0, < 6.2.2 Affected: >= 5.0.0, < 5.1.8 Affected: >= 4.0.0, < 4.2.5 Affected: < 3.1.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27903",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-26T19:20:40.009551Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:20:51.517Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "minimatch",
          "vendor": "isaacs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.2.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 9.0.0, \u003c 9.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0, \u003c 8.0.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.0.0, \u003c 7.4.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0, \u003c 6.2.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.1.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.2.5"
            },
            {
              "status": "affected",
              "version": "\u003c 3.1.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-407",
              "description": "CWE-407: Inefficient Algorithmic Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-26T01:06:32.856Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj"
        }
      ],
      "source": {
        "advisory": "GHSA-7r86-cg39-jmmj",
        "discovery": "UNKNOWN"
      },
      "title": "minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-27903",
    "datePublished": "2026-02-26T01:06:32.856Z",
    "dateReserved": "2026-02-24T15:19:29.718Z",
    "dateUpdated": "2026-02-26T19:20:51.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-27904 (GCVE-0-2026-27904)

Vulnerability from cvelistv5 – Published: 2026-02-26 01:07 – Updated: 2026-02-26 19:21

Title

minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions

Summary

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1333 - Inefficient Regular Expression Complexity

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/isaacs/minimatch/security/advi…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
isaacs	minimatch	Affected: >= 10.0.0, < 10.2.3 Affected: >= 9.0.0, < 9.0.7 Affected: >= 8.0.0, < 8.0.6 Affected: >= 7.0.0, < 7.4.8 Affected: >= 6.0.0, < 6.2.2 Affected: >= 5.0.0, < 5.1.8 Affected: >= 4.0.0, < 4.2.5 Affected: < 3.1.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27904",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-26T19:21:18.964387Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:21:39.006Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "minimatch",
          "vendor": "isaacs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.2.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 9.0.0, \u003c 9.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0, \u003c 8.0.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.0.0, \u003c 7.4.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0, \u003c 6.2.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.1.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.2.5"
            },
            {
              "status": "affected",
              "version": "\u003c 3.1.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333: Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-26T01:07:42.693Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
        }
      ],
      "source": {
        "advisory": "GHSA-23c5-xmqv-rm74",
        "discovery": "UNKNOWN"
      },
      "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-27904",
    "datePublished": "2026-02-26T01:07:42.693Z",
    "dateReserved": "2026-02-24T15:19:29.718Z",
    "dateUpdated": "2026-02-26T19:21:39.006Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0752

CVE-2025-59057 (GCVE-0-2025-59057)

CVE-2025-64718 (GCVE-0-2025-64718)

CVE-2025-68470 (GCVE-0-2025-68470)

CVE-2026-21884 (GCVE-0-2026-21884)

CVE-2026-22029 (GCVE-0-2026-22029)

CVE-2026-22030 (GCVE-0-2026-22030)

CVE-2026-26996 (GCVE-0-2026-26996)

CVE-2026-27903 (GCVE-0-2026-27903)

CVE-2026-27904 (GCVE-0-2026-27904)

Tags

Sightings

Nomenclature