PatchSiren

path-to-regexp CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH path-to-regexp CVE published 2026-03-26

CVE-2026-4926

CVE-2026-4926 is a high-severity vulnerability in the path-to-regexp library. A bad regular expression is generated when multiple sequential optional groups are used, causing denial of service. The vulnerability has a CVSS score of 7.5. It was published on March 26, 2026, and modified on June 30, 2026. The vulnerability affects versions prior to 8.4.0 and can be mitigated by limiting sequential optiona [truncated]