Sign In

CVE-2026-9496

ADVISORY - nist

Summary

Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing excessive CPU consumption and potentially stalling or crashing the process.

EPSS Score: 0.00049 (0.157)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-1333

Inefficient Regular Expression Complexity

CWE-400

Uncontrolled Resource Consumption

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2026-9496
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1333CWE-400

CVSS SCORE

7.7high

Debian

CREATED

UPDATED

ADVISORY IDCVE-2026-9496
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY