MEDIUM
juliangruber
CVE published 2026-05-29
CVE-2026-45149
A vulnerability in the brace-expansion library (versions 5.0.0 to before 5.0.6) allows uncontrolled resource consumption when processing large numeric range patterns. The library's max option, intended to limit output size, is applied too late in the expansion process. When expanding a pattern like {1..10000000}, the library generates all 10 million intermediate elements before enforcing the limit, causin [truncated]