Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
markdown-it Inefficient Regular Expression Complexity Vulnerability - CVE-2026-2327 - Vulnerability Database
markdown-it

markdown-it Inefficient Regular Expression Complexity Vulnerability - CVE-2026-2327

High
Reference: CVE-2026-2327
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-2327
Title: markdown-it Inefficient Regular Expression Complexity Vulnerability
Overview:

Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex // in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character which triggers excessive backtracking and may lead to a denial-of-service condition.