CWE-1333

Exploit likelihood: High

Inefficient Regular Expression Complexity

Parent: CWE-407 - Inefficient Algorithmic Complexity

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

426 vulnerabilities with CWE-1333
CVE-2026-47138 HIGH
Parse Server: Pre-authentication denial of service via client version header regex backtracking
CVE-2026-44496 HIGH
Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection
CVSS 7.5
CVE-2026-42567 HIGH
Svelte: ReDoS in `<svelte:element>` Tag Validation
CVSS 7.5
CVE-2026-41848 LOW
Spring Framework Denial of Service via AntPathMatcher
CVSS 3.7
CVE-2026-52778 CRITICAL
YesWiki has Unsafe eval() in Formula Calculator - Remote Code Execution (RCE) & Denial of Service (DoS)
CVSS 9.8
CVE-2026-11478 LOW
kokke tiny-regex-c Pattern re.c matchstar redos
CVSS 3.3
CVE-2026-45409 MEDIUM
Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
CVSS 5.3
CVE-2026-8888 HIGH
Securly Chrome Extension < 3.0.7 - Denial of Service
CVSS 7.5
CVE-2026-10692 MEDIUM
johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos
CVSS 4.3
CVE-2026-10691 MEDIUM
wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos
CVSS 4.3
CVE-2026-10291 MEDIUM
Enderfga claw-orchestrator <= 3.7.0 - Inefficient Regular Expression Complexity in Session Grep Endpoint
CVSS 4.3
CVE-2026-44796 MEDIUM
Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS)
CVSS 6.5
CVE-2026-9496 HIGH
Pacote - Inefficient Regular Expression Complexity
CVSS 7.5
CVE-2026-44425 MEDIUM
ShellHub: Crash-DoS via field injection in filter and sort-by parameters
CVSS 5.4
CVE-2026-8159 HIGH
multiparty vulnerable to ReDoS via filename parsing
CVSS 7.5
CVE-2026-33079 HIGH
Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles
CVE-2026-41040 HIGH
GROWI - Regular Expression Denial of Service via Crafted Input String
CVSS 7.5
CVE-2026-39320 HIGH
Signal K Server <2.25.0 WebSocket Subscriptions - Regular Expression Denial of Service
CVSS 7.5
CVE-2026-40319 MEDIUM
Giskard RegexMatching Check - Regular Expression Denial of Service
CVSS 5.5
CVE-2026-5986 MEDIUM
Zod jsVideoUrlParser util.js getTime redos
CVSS 5.3
CVE-2026-35041 MEDIUM
ReDoS in fast-jwt when using RegExp in allowed* leading to CPU exhaustion during token verification
CVSS 4.2
CVE-2026-35611 HIGH
Addressable 2.3.0-2.8.x URI Templates - Regular Expression Denial of Service
CVSS 7.5
CVE-2026-35458 CRITICAL
Gotenberg <=8.29.1 extraHttpHeaders Scope - Regular Expression Denial of Service
CVSS 9.8
CVE-2026-35213 HIGH
Regular Expression Denial of Service (ReDoS) in @hapi/content HTTP header parsing
CVSS 7.5
CVE-2026-34939 MEDIUM
PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()
CVSS 6.5