CVE-2026-2327

ADVISORY - github

Summary

Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by a non-matching character, which triggers excessive backtracking and may lead to a denial-of-service condition.

EPSS Score⁠: 0.00013 (0.017)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-1333⁠

Inefficient Regular Expression Complexity

ADVISORY - github

CWE-1333⁠

Inefficient Regular Expression Complexity

ADVISORY - redhat

CWE-1333⁠

Inefficient Regular Expression Complexity

Impacted images

Advisories

NIST

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-2327⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.5medium

GitHub

CREATED

2 days ago

UPDATED

11 hours ago

ADVISORY IDGHSA-38c4-r59v-3vqw⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.5medium

Debian

CREATED

1 day ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-2327⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

22 hours ago

UPDATED

22 hours ago

ADVISORY IDCVE-2026-2327⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

2 days ago

UPDATED

16 hours ago

ADVISORY IDCVE-2026-2327⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.3medium