CVE-2026-5986
Received Received - Intake
Inefficient Regex Complexity in Zod jsVideoUrlParser getTime Function

Publication date: 2026-04-09

Last updated on: 2026-04-09

Assigner: VulDB

Description
A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-09
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-14
NVD
CVE-2026-5986
EUVD
EUVD-2026-21236
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zod jsvideourlparser to 0.5.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
CWE-1333 The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Zod jsVideoUrlParser library up to version 0.5.1, specifically in the getTime function within lib/util.js. The issue arises from the manipulation of the timestamp argument, which causes inefficient regular expression complexity. This inefficiency can be exploited remotely to initiate an attack.

Impact Analysis

The vulnerability can be exploited remotely to cause inefficient regular expression processing, which may lead to performance degradation or denial of service conditions. The CVSS scores indicate a medium severity impact primarily affecting availability, meaning attackers could disrupt service availability without compromising confidentiality or integrity.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5986. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart