CVE-2026-29076

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...

CVE-2026-29076

Affected software: cpp-httplib (C++11 single-file header-only HTTP/HTTPS library). The vulnerability occurs before version 0.37.0 where std::regex (libstdc++) is used to parse RFC 5987 encoded filename* values in multipart Content-Disposition headers. The regex engine’s backtracking can cause dee...

CVE-2026-29076 cpp-httplib: Stack Overflow Denial of Service (DoS) via std::regex in multipart filename parsing

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...

PT-2026-23867

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.37.0 Description The software uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. A crafted filename parameter can cause uncontrolled stack growth due to...

📄 minimatch Denial of Service

minimatch suffers from a regular expression denial of service vulnerability. Versions prior to 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 are affected...

BIT-KIBANA-2026-26936 Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service

Inefficient Regular Expression Complexity CWE-1333 in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup CAPEC-492...

PT-2026-26009

Summary extensions/feishu/src/bot.ts constructed new RegExp directly from Feishu mention metadata mention.name, mention.key in stripBotMention without escaping regex metacharacters. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.17 - First affected release:...

Linux Distros Unpatched Vulnerability : CVE-2026-27904

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2,...

SUSE CVE-2026-27904

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested extglobs produce regexps with nested unbounded quantifiers e.g. ?:?:a|b, which exhibit catastrophic...

python: Fix of 2 CVEs

CVE-2018-1060: fix catastrophic backtracking in APOP method, prevent denial of service, add input validation and enforce backtracking limits - CVE-2018-1061: fix catastrophic backtracking in the difflib.ISLINEJUNK method...

CLSA-2026-1771926895 python: Fix of 2 CVEs

CVE-2018-1060: fix catastrophic backtracking in APOP method, prevent denial of service, add input validation and enforce backtracking limits - CVE-2018-1061: fix catastrophic backtracking in the difflib.ISLINEJUNK method...

EUVD-2026-8801

minimatch has ReDoS: matchOne combinatorial backtracking via multiple non-adjacent GLOBSTAR segments...

minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

Summary matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR segments and the input path does not match. The time complexity is OCn, k -- binomial -- where n is the number of path segments and k is the number of globstars. With k=11 and...

GHSA-7R86-CG39-JMMJ minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

Summary matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR segments and the input path does not match. The time complexity is OCn, k -- binomial -- where n is the number of path segments and k is the number of globstars. With k=11 and...

EUVD-2026-8802

minimatch ReDoS: nested extglobs generate catastrophically backtracking regular expressions...

minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions

Summary Nested extglobs produce regexps with nested unbounded quantifiers e.g. ?:?:a|b, which exhibit catastrophic backtracking in V8. With a 12-byte pattern a|b and an 18-byte non-matching input, minimatch stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes...

GHSA-23C5-XMQV-RM74 minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions

Summary Nested extglobs produce regexps with nested unbounded quantifiers e.g. ?:?:a|b, which exhibit catastrophic backtracking in V8. With a 12-byte pattern a|b and an 18-byte non-matching input, minimatch stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes...

CVE-2026-27904

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

Regular Expression Denial of Service (ReDoS)

Overview minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. An attacker can cause excessive resource consumption and application unresponsiveness by supplying specially crafted nested extglob patterns that trigg...

DEBIAN-CVE-2026-27903

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...