CVE-2026-4926
highCVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 95% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: March 26, 2026 (106 days ago)
Last Modified: March 26, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
Impact:
A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service.
Patches:
Fixed in version 8.4.0.
Workarounds:
Limit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route patterns.
CWE
CWE-1333Affected Products
Cryostat 4Logging Subsystem for Red Hat OpenShiftMigration Toolkit for Applications 8Multicluster Engine for KubernetesNetwork Observability OperatorOpenShift LightspeedOpenShift PipelinesOpenShift Service Mesh 2OpenShift Service Mesh 3Red Hat Advanced Cluster Management for Kubernetes 2