CVE-2026-4923

MEDIUM

5.9

Description

Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /*foo-*bar-:baz /*a-:b-*c-:d /x/*a-:b/*c/y Safe examples: /*foo-:bar /*foo-:bar-*baz Patches: Upgrade to version 8.4.0. Workarounds: If you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable.

Details CVE

Score CVSS v3.15.9

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Vecteur d'attaqueNETWORK

ComplexiteHIGH

Privileges requisNONE

Interaction utilisateurNONE

Publie3/26/2026

Derniere modification3/30/2026

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-1333

References

https://cna.openjsf.org/security-advisories.html(ce714d77-add3-4f53-aff5-83d477b104bb)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.