CWE-1333

Exploit likelihood: High

Inefficient Regular Expression Complexity

Parent: CWE-407 - Inefficient Algorithmic Complexity

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

410 vulnerabilities with CWE-1333
CVE-2026-41040 HIGH
Growi < v7.5.0 and earlier - Denial of Service
CVSS 7.5
CVE-2026-39320 HIGH
Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths
CVSS 7.5
CVE-2026-40319 MEDIUM
Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check
CVSS 5.5
CVE-2026-5986 MEDIUM
Zod jsVideoUrlParser util.js getTime redos
CVSS 5.3
CVE-2026-35041 MEDIUM
ReDoS in fast-jwt when using RegExp in allowed* leading to CPU exhaustion during token verification
CVSS 4.2
CVE-2026-35611 HIGH
Addressable has a Regular Expression Denial of Service in Addressable templates
CVSS 7.5
CVE-2026-35458 CRITICAL
Gotenberg has a ReDoS via extraHttpHeaders scope feature
CVSS 9.8
CVE-2026-35213 HIGH
Regular Expression Denial of Service (ReDoS) in @hapi/content HTTP header parsing
CVSS 7.5
CVE-2026-34939 MEDIUM
PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()
CVSS 6.5
CVE-2026-33671 HIGH
Picomatch has a ReDoS vulnerability via extglob quantifiers
CVSS 7.5
CVE-2026-0967 MEDIUM
Libssh: libssh: denial of service via inefficient regular expression processing
CVSS 5.5
CVE-2026-4926 HIGH
path-to-regexp vulnerable to Denial of Service via sequential optional groups
CVSS 7.5
CVE-2026-4923 MEDIUM
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards
CVSS 5.9
CVE-2026-4867 HIGH
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters
CVSS 7.5
CVE-2026-33169 MEDIUM
Active Support <8.1.2.1/8.0.4.1/7.2.3.1 - DoS
CVSS 5.3
CVE-2026-4539 LOW
pygments archetype.py AdlLexer redos
CVSS 3.3
CVE-2026-22178 MEDIUM
OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata
CVSS 6.5
CVE-2026-28356 HIGH
multipart <1.2.2/1.3.1/1.4.0-dev - DoS
CVSS 7.5
CVE-2026-30837 HIGH
Elysia <1.4.26 - DoS
CVSS 7.5
CVE-2026-30925 HIGH
Parse Server <9.5.0-alpha.14/8.6.11 - DoS
CVSS 7.5
CVE-2026-29076 MEDIUM
cpp-httplib <0.37.0 - DoS
CVSS 5.9
CVE-2026-3293 LOW
snowflakedb snowflake-jdbc <=4.0.1 - DoS
CVSS 3.3
CVE-2026-26936 MEDIUM
Kibana AI Inference Anonymization - DoS
CVSS 4.9
CVE-2026-27904 HIGH
minimatch <10.2.3 - DoS
CVSS 7.5
CVE-2026-1388 HIGH
GitLab CE/EE - DoS
CVSS 7.5