216.73.217.80

CVE-2026-4926

· Published 26/03/2026 19:17 · Modified 26/03/2026 19:17

Labels: CVE-2026-4926 2026-03-26CVE-2026-4926CWE-400ce714d77-add3-4f53-aff5-83d477b104bb

Essential information

Published
26/03/2026 19:17
Modified
26/03/2026 19:17
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route patterns.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
ce714d77-add3-4f53-aff5-83d477b104bb
NVD
View on NVD

Affected products (CPE)

ProductCPE
* / * cpe:2.3:a:*:*:8.4.0:*:*:*:*:*:*:*

References