PatchSiren cyber security CVE debrief
CVE-2026-11478 kokke CVE debrief
A vulnerability has been identified in kokke tiny-regex-c, up to version f2632c6d9ed25272987471cdb8b70395c2460bdb, within the Pattern Handler component. Specifically, the matchstar function in the re.c file is affected, leading to inefficient regular expression complexity. This issue is exploitable locally and has been publicly disclosed. The product follows a rolling release strategy, making it challenging to specify affected or updated versions. The project was notified early but has not yet responded.
- Vendor
- kokke
- Product
- tiny-regex-c
- CVSS
- LOW 1.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Users of kokke tiny-regex-c, especially those integrating it into local applications, should be aware of this vulnerability. Due to the rolling release strategy of the product, users should monitor updates closely.
Technical summary
The vulnerability (CVE-2026-11478) affects the matchstar function in re.c of kokke tiny-regex-c, leading to inefficient regular expression complexity. It has a CVSS score of 1.9, indicating a low severity.
Defensive priority
Low
Recommended defensive actions
- Monitor the project's updates and patches for kokke tiny-regex-c.
- Consider implementing additional security measures for local execution environments where this library is used.
Evidence notes
Evidence from Vuldb and NVD suggests a low severity vulnerability with local attack vector.
Official resources
CVE-2026-11478 was published on 2026-06-08T03:16:19.997Z and modified on 2026-06-08T14:57:14.757Z.