Risk Scores
CVSS v3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.04%
12.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| npm | path-to-regexp | 8.0.0, 8.0.0, 8.0.0 |
| AWS | connect | |
| path-to-regexp | path-to-regexp | 8.0.0, 8.0.0, 8.4.0 |
Timeline
- Mar 26, 2026 PoC Published
- Mar 26, 2026 CVE Published
- Mar 26, 2026 PoC Published
- Mar 27, 2026 EPSS Score
- Mar 27, 2026 Coalition ESS Score
- Mar 27, 2026 CVE Updated
- Mar 28, 2026 Security Advisory
References
- https://cna.openjsf.org/security-advisories.html url
- https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-4923 advisory
- https://github.com/pillarjs/path-to-regexp package
- https://makenowjust-labs.github.io/recheck/playground url