CVE-2026-4926: Regular Expression Denial of Service
CVE-2026-4926 describes a denial-of-service vulnerability due to an inefficient regular expression complexity issue when handling multiple sequential optional groups, leading to exponential growth and resource exhaustion.
CVE-2026-4926 exposes a denial-of-service vulnerability stemming from inefficient regular expression complexity. This flaw arises when a regular expression contains multiple sequential optional groups, denoted by curly brace syntax (e.g., {a}{b}{c}:z). The vulnerability lies in the exponential growth of the generated regular expression, leading to excessive resource consumption and ultimately causing a denial-of-service condition. This issue was introduced prior to version 8.4.0 and poses a…
Detection coverage 2
Detect Suspicious URI with Multiple Optional Groups
highDetects suspicious URIs containing multiple sequential optional groups in the query string, potentially indicating a regex DoS attack attempt.
Detect HTTP Requests with Excessive Optional Regex Groups
highThis rule detects HTTP requests containing a high number of curly brace pairs in the URI, which could indicate an attempt to exploit a regex-based denial-of-service vulnerability (CVE-2026-4926).
Detection queries are kept inside the platform. Get full rules →