3 matches found
CVE-2026-48125
A flaw was found in UAParser.js, a JavaScript library for detecting client information. A remote attacker can exploit this vulnerability by sending a specially crafted Sec-CH-UA-Model header when the application uses the Client Hints API. This can cause excessive CPU usage due to a regular...
UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`
Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...
PT-2026-49551
Name of the Vulnerable Software and Affected Versions UAParser.js versions 2.0.1 through 2.0.9 Description A regular expression denial-of-service ReDoS exists when using the Client Hints API. An attacker can cause excessive CPU consumption and a denial-of-service condition in server-side...