CVE-2025-26042

MEDIUM Year: 2025
CVSS v3 Score
6.0
Medium
Weakness Type
CWE-1333
View all →

Vulnerability Description

Uptime Kuma >== 1.23.0 has a ReDoS vulnerability, specifically when an administrator creates a notification through the web service. If a string is provided it triggers catastrophic backtracking in the regular expression, leading to a ReDoS attack.

Related Vulnerabilities

CVE-2022-2596

MEDIUM
CVSS:5.9(Medium)

Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10.

CWE-13332022

CVE-2022-40897

MEDIUM
CVSS:5.9(Medium)

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression...

CWE-13332022

CVE-2023-26112

MEDIUM
CVSS:5.9(Medium)

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a...

CWE-13332023

CVE-2023-7279

LOW
CVSS:5.9(Medium)

A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targets_schema.j...

CWE-13332023

CVE-2024-3772

MEDIUM
CVSS:5.9(Medium)

Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

CWE-13332024

CVE-2025-27789

MEDIUM
CVSS:6.2(Medium)

Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a...

CWE-13332025