CVE-2026-5986
Inefficient Regex Complexity in Zod jsVideoUrlParser getTime Function
Publication date: 2026-04-09
Last updated on: 2026-04-09
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zod | jsvideourlparser | to 0.5.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1333 | The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Zod jsVideoUrlParser library up to version 0.5.1, specifically in the getTime function within lib/util.js. The issue arises from the manipulation of the timestamp argument, which causes inefficient regular expression complexity. This inefficiency can be exploited remotely to initiate an attack.
How can this vulnerability impact me? :
The vulnerability can be exploited remotely to cause inefficient regular expression processing, which may lead to performance degradation or denial of service conditions. The CVSS scores indicate a medium severity impact primarily affecting availability, meaning attackers could disrupt service availability without compromising confidentiality or integrity.