CVE-2026-5986

MEDIUM 5.3

Zod jsVideoUrlParser util.js getTime redos

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

13th

A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-1333 CWE-400
Vendor	zod
Product	jsvideourlparser
Published	Apr 9, 2026
Last Updated	Apr 14, 2026

Stay Ahead of the Next One

Get instant alerts for zod jsvideourlparser

Be the first to know when new medium vulnerabilities affecting zod jsvideourlparser are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Zod / jsVideoUrlParser

0.5.0 0.5.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/356540 vuldb.com: https://vuldb.com/vuln/356540/cti vuldb.com: https://vuldb.com/submit/791911 github.com: https://github.com/Zod-/jsVideoUrlParser/issues/121 github.com: https://github.com/Zod-/jsVideoUrlParser/issues/121#issue-4159661957

Credits

🔍 ybdesire (VulDB User) VulDB CNA Team