ROOT-APP-NPM-CVE-2026-33671 CVE-2026-33671 in @rootio/picomatch - Patched by Root

Root has patched CVE-2026-33671 in the @rootio/picomatch package for Root:npm. Multiple fixed versions available...

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in Picomatch (CVE-2026-33671, CVE-2026-33672)

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in Picomatch CVE-2026-33671, CVE-2026-33672. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in picomatch-2.3.1.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in picomatch-2.3.1.tgz Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS...

Security Bulletin: IBM Edge Data Collector uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672.

Summary IBM Edge Data Collector uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior t...

CVE-2026-33671 affecting package nodejs24 for versions less than 24.14.1-2

CVE-2026-33671 affecting package nodejs24 for versions less than 24.14.1-2. A patched version of the package is available...

CVE-2026-33671 vulnerabilities

Vulnerabilities for packages: saf, rancher-api-ui, vitess, renovate, prism, tileserver-gl, lerna, pulumi, kubeflow-pipelines, code-server, opensearch-dashboards, vite, argo-workflows, npm, node-gyp...

CVE-2026-33671 vulnerabilities

Vulnerabilities for packages: emscripten, node-gyp, graalvm, langfuse-fips, pulumi, saf, vitess, rancher-api-ui, tileserver-gl, gemini-cli, kubeflow-pipelines, actions-runner, langfuse, wazuh-dashboard, opensearch-dashboards-fips, kibana, tileserver-gl-fips, argo-workflows, code-server, vite,...

org.webjars.npm:angular-devkit__architect (=0.1902.8), org.webjars.npm:angular-devkit__core (=19.2.8) +2 more potentially affected by CVE-2026-33671 via org.webjars.npm:picomatch (=4.0.2)

org.webjars.npm:picomatch MAVEN version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:picomatch and may be impacted: - org.webjars.npm:angular-devkitarchitect =0.1902.8 - org.webjars.npm:angular-devkitcore =19.2.8 -...

@10xsai/cloudflare-router-nx-plugin (=1.0.0), @4itech/schematics (>=11.7.1 <=11.7.6) +1068 more potentially affected by CVE-2026-33671 via picomatch (>=4.0.1 <=4.0.3)

picomatch NPM version =4.0.1, =11.7.1, =1.2.0, =8.3.0, =1.0.25, =0.0.17, =0.0.47, =0.0.1, =1.0.0, =1.0.0, =10.0.0, =10.0.0, =13.0.0, =10.0.0, =14.0.0-next.1 and more Source cves: CVE-2026-33671 Source advisory: OSV:GHSA-C2C7-RCM5-VVQJ...

4itech-schematics (>=11.3.0 <=11.7.0-5), @4itech/schematics (=11.7.0) +72 more potentially affected by CVE-2026-33671 via picomatch (=3.0.1)

picomatch NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on picomatch and may be impacted: - 4itech-schematics =11.3.0, =10.0.0-alpha.1, =10.0.0-alpha.1, =10.0.0-alpha.1, =0.1700.0, =0.1700.0, =17.0.0, =0.1700.0, =17.0.0, =17.0.0,...

4itech-schematics (>=11.0.0 <=11.3.0-1), @142vip/midway (>=0.1.6-alpha.2 <=0.1.6-alpha.12) +573 more potentially affected by CVE-2026-33671 via picomatch (>=2.1.1 <=2.3.1)

picomatch NPM version =2.1.1, =11.0.0, =0.1.6-alpha.2, =7.4.1, =0.0.1, =1.0.1, =0.0.2, =2.0.0, =9.0.0, =9.2.0-alpha.9, =9.2.0-alpha.9, =1.0.101, =1.1.0, =1.4.1 and more Source cves: CVE-2026-33671 Source advisory: SNYK:JS-PICOMATCH-15765511...