CVE-2026-11478

LOW

kokke tiny-regex-c Pattern re.c matchstar redos

Title source: cna

Description

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local execution. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.

References (7)

Core 7

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-369098 | kokke tiny-regex-c Pattern re.c matchstar redos

https://vuldb.com/vuln/369098

Signature, Permissions Required signature permissions-required

VDB-369098 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/369098/cti

Third Party Advisory third-party-advisory

CVE-2026-11478 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-11478

Third Party Advisory third-party-advisory

Submit #833966 | tiny-regex-c 0.1.0 Regular Expression Denial of Service

https://vuldb.com/submit/833966

Issue Tracking issue-tracking

https://github.com/kokke/tiny-regex-c/issues/100

Exploit exploit

https://github.com/user-attachments/files/28046213/tiny-regex-c-redos-poc.zip

Product product

https://github.com/kokke/tiny-regex-c/

Scores

CVSS v3 3.3

EPSS 0.0011

EPSS Percentile 1.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1333 CWE-400

Status published

Products (1)

kokke/tiny-regex-c f2632c6d9ed25272987471cdb8b70395c2460bdb

Published Jun 08, 2026

Tracked Since Jun 08, 2026