CVE-2026-25547

EUVD-2026-5326
@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
golang-github-prometheus-node_exporter
suse enterprise server 15 SP4
1.9.1-150100.3.38.1
fixed
suse enterprise server 15 SP5
1.9.1-150100.3.38.1
fixed
suse enterprise server 15 SP6
1.9.1-150100.3.38.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
nodejs22
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.3
fixed
nodejs22-debuginfo
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.3
fixed
nodejs22-debugsource
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.3
fixed
nodejs22-devel
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.3
fixed
nodejs22-docs
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.3
fixed
nodejs22-full-i18n
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.3
fixed
nodejs22-libs
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.3
fixed
nodejs22-libs-debuginfo
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.3
fixed
nodejs22-npm
Amazon Linux 2023
1:10.9.7-1.22.22.2.1.amzn2023.0.3
fixed
nodejs24
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-debuginfo
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-debugsource
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-devel
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-docs
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-full-i18n
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-libs
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-libs-debuginfo
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-npm
Amazon Linux 2023
1:11.12.1-1.24.15.0.1.amzn2023.0.1
fixed
v8-12.4-devel
Amazon Linux 2023
3:12.4.254.21-1.22.22.2.1.amzn2023.0.3
fixed
v8-13.6-devel
Amazon Linux 2023
3:13.6.233.17-1.24.15.0.1.amzn2023.0.1
fixed