CVE-2026-13149
highCVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.4%
Exploitation probability in 30 days
Top 72% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in brace-expansion. An attacker can exploit a vulnerability in the `expand()` function by providing a specially crafted string. This string, containing consecutive non-expanding brace groups, can trigger exponential-time complexity, leading to significant CPU consumption and event-loop blocking. This can result in a Denial of Service (DoS) for the affected system.
CWE
CWE-1333Affected Products
Confidential Compute AttestationCryostat 4Exploit IntelligenceGatekeeper 3Migration Toolkit for Applications 8Migration Toolkit for ContainersNode HealthCheck OperatorOpenShift LightspeedOpenShift PipelinesOpenShift Service Mesh 2