CVE-2026-5986
MEDIUMZod jsVideoUrlParser util.js getTime redos
Title source: cnaDescription
A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
References (5)
Scores
CVSS v3
5.3
EPSS
0.0006
EPSS Percentile
17.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-1333
CWE-400
Status
published
Products (3)
npm/js-video-url-parser
0npm
Zod/jsVideoUrlParser
0.5.0
Zod/jsVideoUrlParser
0.5.1
Published
Apr 09, 2026
Tracked Since
Apr 10, 2026