Security Bulletin: IBM Maximo Scheduler Optimizer uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867

Summary IBM Maximo Scheduler Optimizer uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867 This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time...

path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions

A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of...

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions

A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of...

MAL-2026-5310 Malicious code in regexp-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 33f86b654ba85b8393a661095dbca749a30cc352525fa1712773654a8221e2e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in regexp-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 33f86b654ba85b8393a661095dbca749a30cc352525fa1712773654a8221e2e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview regexp-ts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVE-2026-35041

fast-jwt provides fast JSON Web Token JWT implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the...

ROOT-APP-NPM-CVE-2024-45296 CVE-2024-45296 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2024-45296 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2024-52798 CVE-2024-52798 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2024-52798 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-4926 CVE-2026-4926 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2026-4926 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-4867 CVE-2026-4867 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2026-4867 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-4923 CVE-2026-4923 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2026-4923 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

CLSA-2026-1780391238 Fix CVE(s): CVE-2026-8376

SECURITY UPDATE: heap buffer overflow in the regexp compiler 32-bit - debian/patches/CVE-2026-8376.patch: guard against an SSizet overflow when sizing the joined fixed-substring buffer in Perlstudychunk in regcomp.c; backported from upstream commit 5e7f119eb2bb1181be908701f22bf7068e722f1c. -...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in path-to-regexp-0.1.12.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in path-to-regexp-0.1.12.tgz Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression ...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to a vulnerability in path-to-regexp

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to a vulnerability in path-to-regexp. CVE-2026-4867 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in path-to-regexp

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in path-to-regexp. CVE-2026-4923, CVE-2026-4926 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-4923 DESCRIPTION: Impact: When using multiple...

CVE-2026-8376

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perlstudychunk in regcompstudy.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...