Pillarjs Path-to-regexp — known CVE vulnerabilities
Every CVE whose affected-product data names Pillarjs Path-to-regexp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-4867 — CVSS 7.5 (high): Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something…
CVE-2026-4926 — CVSS 7.5 (high): Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as…
CVE-2026-4923 — CVSS 5.9 (medium): Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to…