CVE-2026-48801info

Zusammenfassung

von MITRE • 15.07.2026

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.1, LinkifyIt.prototype.match, the package's primary public API, has O(N²) algorithmic complexity for inputs containing many fuzzy links or emails because the JavaScript-level scan loop re-slices input and re-runs unanchored regex searches on progressively shorter tails. Any service that synchronously renders untrusted Markdown with linkify:true on a request hot path can inherit a worker-process denial of service triggerable by a tens-of-KB request body. This issue is fixed in version 5.0.1.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Veröffentlichung

15.07.2026

Moderieren

wird geprüft

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Do you know our Splunk app?

Download it now for free!