HIGH
path-to-regexp
CVE published 2026-03-26
CVE-2026-4926
CVE-2026-4926 is a high-severity vulnerability in the Path-To-Regexp library. A bad regular expression is generated when multiple sequential optional groups are used, causing denial of service. The vulnerability has a CVSS score of 7.5 and was published on March 26, 2026. It was modified on June 30, 2026. The vulnerability affects versions prior to 8.4.0 and can be mitigated by limiting sequential optiona [truncated]