CVE-2026-11478

LOW 3.3

kokke tiny-regex-c Pattern re.c matchstar redos

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

0th

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local execution. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-1333 CWE-400
Vendor	kokke
Product	tiny-regex-c
Published	Jun 8, 2026
Last Updated	Jun 8, 2026

Stay Ahead of the Next One

Get instant alerts for kokke tiny-regex-c

Be the first to know when new low vulnerabilities affecting kokke tiny-regex-c are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

kokke / tiny-regex-c

f2632c6d9ed25272987471cdb8b70395c2460bdb

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/369098 vuldb.com: https://vuldb.com/vuln/369098/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11478 vuldb.com: https://vuldb.com/submit/833966 github.com: https://github.com/kokke/tiny-regex-c/issues/100 github.com: https://github.com/user-attachments/files/28046213/tiny-regex-c-redos-poc.zip github.com: https://github.com/kokke/tiny-regex-c/

Credits

🔍 Fantasy (VulDB User) VulDB CNA Team