CWE-1333

High likelihood

Inefficient Regular Expression Complexity

Parent: CWE-407 - Inefficient Algorithmic Complexity

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

426 vulnerabilities with CWE-1333
CVE-2026-33671 HIGH
Picomatch Extglob Quantifiers - Regular Expression Denial of Service
CVSS 7.5
CVE-2026-0967 MEDIUM
Libssh: libssh: denial of service via inefficient regular expression processing
CVSS 5.5
CVE-2026-4926 HIGH
path-to-regexp vulnerable to Denial of Service via sequential optional groups
CVSS 7.5
CVE-2026-4923 MEDIUM
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards
CVSS 5.9
CVE-2026-4867 HIGH
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters
CVSS 7.5
CVE-2026-33169 MEDIUM
Active Support <8.1.2.1/8.0.4.1/7.2.3.1 - DoS
CVSS 5.3
CVE-2026-4539 LOW
pygments archetype.py AdlLexer redos
CVSS 3.3
CVE-2026-22178 MEDIUM
OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata
CVSS 6.5
CVE-2026-28356 HIGH
multipart <1.2.2/1.3.1/1.4.0-dev - DoS
CVSS 7.5
CVE-2026-30837 HIGH
Elysia < 1.4.26 - Inefficient Regular Expression Complexity in URL Format Validation
CVSS 7.5
CVE-2026-30925 HIGH
Parse Server <9.5.0-alpha.14/8.6.11 - DoS
CVSS 7.5
CVE-2026-29076 MEDIUM
cpp-httplib < 0.37.0 - Denial of Service via RFC 5987 Filename Regex Backtracking
CVSS 5.9
CVE-2026-3293 LOW
snowflakedb snowflake-jdbc <=4.0.1 - DoS
CVSS 3.3
CVE-2026-26936 MEDIUM
Kibana AI Inference Anonymization - DoS
CVSS 4.9
CVE-2026-27904 HIGH
minimatch < 10.2.3, < 3.1.4 - Inefficient Regular Expression Complexity via Nested Extglob Patterns
CVSS 7.5
CVE-2026-1388 HIGH
GitLab 9.2-18.7.4, 18.8-18.8.4, 18.9.0 - ReDoS via Merge Request Endpoint
CVSS 7.5
CVE-2026-26996 HIGH
minimatch < 10.2.1 - Regular Expression Denial of Service via Glob Pattern with Consecutive Wildcards
CVSS 7.5
CVE-2026-2327 MEDIUM
markdown-it 13.0.0-14.1.0 - Regular Expression Denial of Service via Linkify Function
CVSS 5.3
CVE-2026-26006 MEDIUM
AutoGPT 0.4.0-0.6.31 - Regular Expression Denial of Service in Code Extraction Block
CVSS 6.5
CVE-2026-25547 CRITICAL
@isaacs/brace-expansion < 5.0.1 - Denial of Service via Unbounded Brace Range Expansion
CVE-2026-23897 HIGH
Apollo Server 2.0.0-3.13.0, 4.2.0-4.12.9, 5.0.0-5.3.9 - Denial of Service via Exotic Character Set Encoding
CVSS 7.5
CVE-2026-24001 HIGH
jsdiff <8.0.3, 5.2.2, 4.0.4, 3.5.1 - DoS
CVSS 7.5
CVE-2026-23956 HIGH
seroval 0.2.0-1.4.0 - Regular Expression Denial of Service via RegExp Serialization Override
CVSS 7.5
CVE-2026-22809 MEDIUM
Amauri Tarteaucitronjs < 1.29.0 - Denial of Service
CVSS 4.4
CVE-2026-22691 MEDIUM
pypdf < 6.6.0 - Denial of Service via Malformed startxref Processing
CVSS 5.3
Details
Vulnerabilities 426
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits