374 matches found
CVE-2026-26996 minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...
minimatch 安全漏洞
Minimatch is a global matcher in JavaScript developed by Isaacs. Versions of Minimatch 10.2.0 and earlier contained security vulnerabilities; these vulnerabilities stemmed from a regular expression denial-of-service vulnerability when processing glob patterns that contained multiple consecutive...
Linux Distros Unpatched Vulnerability : CVE-2026-26996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular...
10up-toolkit (>=6.0.0 <=6.5.0-next.1), @0ti.me/ts-test-deps (=0.2.0) +6494 more potentially affected by CVE-2026-26996 via minimatch (>=9.0.0 <=9.0.5)
minimatch NPM version =9.0.0, =6.0.0, =1.1.0-pre.1, =1.4.0, =9.1.0, =1.17.3-testing-284.48.0, =1.0.0, =1.1.6, =0.0.0-alpha.1aa37fb04f1f, =1.1.3, =1.0.6, =1.0.25 and more Source cves: CVE-2026-26996 Source advisory: OSV:GHSA-3PPC-4F35-3M26...
10up-toolkit (>=6.0.0 <=6.5.0-next.1), @0ti.me/ts-test-deps (=0.2.0) +6494 more potentially affected by CVE-2026-26996 via minimatch (>=9.0.0 <=9.0.5)
minimatch NPM version =9.0.0, =6.0.0, =1.1.0-pre.1, =1.4.0, =9.1.0, =1.17.3-testing-284.48.0, =1.0.0, =1.1.6, =0.0.0-alpha.1aa37fb04f1f, =1.1.3, =1.0.6, =1.0.25 and more Source cves: CVE-2026-26996 Source advisory: SNYK:JS-MINIMATCH-15309438...
@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-26996 via minimatch (>=8.0.2 <=8.0.4)
minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-26996 Source advisory: SNYK:JS-MINIMATCH-15309438...
@aadarshjr/reweb-js (>=1.0.7 <=1.0.17), @acentswap/ace-core-trial (>=10.4.0 <=10.7.0) +869 more potentially affected by CVE-2026-26996 via minimatch (>=5.0.0 <=5.1.6)
minimatch NPM version =5.0.0, =1.0.7, =10.4.0, =9.0.0, =10.0.0, =10.0.0, =10.5.0, =10.4.0, =0.4.13, =2.3.0, =2.3.0, =2.2.1, =2.2.1, =2.2.2 - @aid-on/aidify =0.1.2 and more Source cves: CVE-2026-26996 Source advisory: OSV:GHSA-3PPC-4F35-3M26...
@aadarshjr/reweb-js (>=1.0.7 <=1.0.17), @acentswap/ace-core-trial (>=10.4.0 <=10.7.0) +869 more potentially affected by CVE-2026-26996 via minimatch (>=5.0.0 <=5.1.6)
minimatch NPM version =5.0.0, =1.0.7, =10.4.0, =9.0.0, =10.0.0, =10.0.0, =10.5.0, =10.4.0, =0.4.13, =2.3.0, =2.3.0, =2.2.1, =2.2.1, =2.2.2 - @aid-on/aidify =0.1.2 and more Source cves: CVE-2026-26996 Source advisory: SNYK:JS-MINIMATCH-15309438...
02strich-markdown (>=1.0.0 <=1.0.2), @0xintuition/slang-cli (>=0.0.1 <=0.0.8) +1940 more potentially affected by CVE-2026-26996 via minimatch (>=4.1.1 <=4.2.3)
minimatch NPM version =4.1.1, =1.0.0, =0.0.1, =0.5.2, =5.0.2, =2.2.0, =1.1.4, =1.3.1, =1.0.0, =0.0.2-alpha-20220914223128-d706aab, =0.0.2-alpha-20220915073207-1bb0680, =0.0.2-alpha-20220914223128-d706aab, =1.1.8, =1.0.0, =1.5.0 and more Source cves: CVE-2026-26996 Source advisory:...
@0x590fab/sdcor2 (>=4.2.1 <=4.4.0), @cenk1cenk2/renovate-config (>=2.2.33 <=2.3.94) +22 more potentially affected by CVE-2026-26996 via minimatch (>=6.0.0 <=6.2.0)
minimatch NPM version =6.0.0, =4.2.1, =2.2.33, =0.2.6-alpha-20230114225627-66f5d9eac, =0.1.7-alpha-20230114225627-66f5d9eac, =0.15.7-alpha-20230114225627-66f5d9eac, =0.1.0, =3.108.8--canary.1.4727068200.0, =0.0.0, =1.12.0, =1.0.0, =0.36.6, =0.36.6, =0.39.3-0 - editorconfig =1.0.2 and more Source...
02strich-markdown (>=1.0.0 <=1.0.2), @0xintuition/slang-cli (>=0.0.1 <=0.0.8) +1940 more potentially affected by CVE-2026-26996 via minimatch (>=4.1.1 <=4.2.3)
minimatch NPM version =4.1.1, =1.0.0, =0.0.1, =0.5.2, =5.0.2, =2.2.0, =1.1.4, =1.3.1, =1.0.0, =0.0.2-alpha-20220914223128-d706aab, =0.0.2-alpha-20220915073207-1bb0680, =0.0.2-alpha-20220914223128-d706aab, =1.1.8, =1.0.0, =1.5.0 and more Source cves: CVE-2026-26996 Source advisory:...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 02.aula (=1.0.0) +55728 more potentially affected by CVE-2026-26996 via minimatch (>=3.0.0 <=3.1.2)
minimatch NPM version =3.0.0, =1.0.1, =1.1.0 - 02.aula =1.0.0 - 0726react =0.1.1 - 08cms =1.0.0 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...
@adobe-apimesh/mesh-builder (=1.4.0-beta.5), @akylas/nativescript-cli (>=8.7.2 <=8.8.2) +316 more potentially affected by CVE-2026-26996 via minimatch (>=7.0.0 <=7.4.6)
minimatch NPM version =7.0.0, =8.7.2, =5.5.0-682, =0.0.6, =3.6.0, =2.6.0, =2.5.0, =3.6.0, =4.6.0, =1.11.0, =4.0.0, =2.0.7, =2.0.4, =1.2.1, =1.3.1 - @digit-ui/digit-ui-module-common =1.3.0 and more Source cves: CVE-2026-26996 Source advisory: OSV:GHSA-3PPC-4F35-3M26...
@adobe-apimesh/mesh-builder (=1.4.0-beta.5), @akylas/nativescript-cli (>=8.7.2 <=8.8.2) +316 more potentially affected by CVE-2026-26996 via minimatch (>=7.0.0 <=7.4.6)
minimatch NPM version =7.0.0, =8.7.2, =5.5.0-682, =0.0.6, =3.6.0, =2.6.0, =2.5.0, =3.6.0, =4.6.0, =1.11.0, =4.0.0, =2.0.7, =2.0.4, =1.2.1, =1.3.1 - @digit-ui/digit-ui-module-common =1.3.0 and more Source cves: CVE-2026-26996 Source advisory: SNYK:JS-MINIMATCH-15309438...
@0x590fab/sdcor2 (>=4.2.1 <=4.4.0), @cenk1cenk2/renovate-config (>=2.2.33 <=2.3.94) +22 more potentially affected by CVE-2026-26996 via minimatch (>=6.0.0 <=6.2.0)
minimatch NPM version =6.0.0, =4.2.1, =2.2.33, =0.2.6-alpha-20230114225627-66f5d9eac, =0.1.7-alpha-20230114225627-66f5d9eac, =0.15.7-alpha-20230114225627-66f5d9eac, =0.1.0, =3.108.8--canary.1.4727068200.0, =0.0.0, =1.12.0, =1.0.0, =0.36.6, =0.36.6, =0.39.3-0 - editorconfig =1.0.2 and more Source...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the AST class, caused by catastrophic backtracking when an input string contains many characters in a row, followed by an unmatched...
Regular Expression Denial of Service (ReDoS)
Overview minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the AST class, caused by catastrophic backtracking when an input string contains many characters in a row, followed by an unmatched character. Detail...
@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-26996 via minimatch (>=8.0.2 <=8.0.4)
minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-26996 Source advisory: OSV:GHSA-3PPC-4F35-3M26...
GHSA-3PPC-4F35-3M26 minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
Summary minimatch is vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string. Each compiles to a separate ^/? regex group, and when the match fails, V8's regex engine...
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
Summary minimatch is vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string. Each compiles to a separate ^/? regex group, and when the match fails, V8's regex engine...