CVE-2026-27904 - Vulnerability Analysis
HighCVSS: 7.5Last Updated: February 27, 2026
minimatch - Denial of Service
Overview
minimatch < 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 contains a denial of service caused by nested unbounded quantifiers in extglobs producing catastrophic backtracking in regex processing, letting attackers cause application stalls, exploit requires crafted nested extglob patterns.
Severity & Score
Impact
Attackers can cause application stalls or high CPU usage, leading to denial of service.
Mitigation
Update to versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, or 3.1.4 or later.
Social Media Activity(2 posts)
š CVE-2026-27904 - High (7.5) minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quant... š https://www.thehackerwire.com/vulnerability/CVE-2026-27904/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-27904 - High (7.5) minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quant... š https://www.thehackerwire.com/vulnerability/CVE-2026-27904/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-27904
- Severity
- High
- CVSS Score
- 7.5
- Type
- regular_expression_dos
- Status
- confirmed
- EPSS
- 4.0%
- Social Posts
- 2
CWE
- CWE-1333
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H