CVE-2026-25547

Vulnerability

CVE-2026-25547

brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion

ecosystem: redhat:8, redhat:9, redhat:10

A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.

References

secalert@redhat.com: https://access.redhat.com/security/cve/CVE-2026-25547
secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2436942
secalert@redhat.com: https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2
secalert@redhat.com: https://nvd.nist.gov/vuln/detail/CVE-2026-25547
secalert@redhat.com: https://www.cve.org/CVERecord?id=CVE-2026-25547

severityM

Moderate

type: vendor

source: secalert@redhat.com

CVSS3.1

6.5MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AV	Network
AC	Low
PR	None
UI	Required
S	Not Changed
C	None
I	None
A	High

source: secalert@redhat.com

　CWE

CWE-409

Improper Handling of Highly Compressed Data (Data Amplification)

source: secalert@redhat.com

published: 2026-02-04 21:51:17

modified: 2026-02-06 15:32:54

Detection

redhat:10

CVE-2026-25547

redhat-vex

OR

unfixedFix deferred

nodejs

package type: binary

type: version

unfixedFix deferred

nodejs-devel

package type: binary

type: version

unfixedFix deferred

nodejs-docs

package type: binary

type: version

unfixedFix deferred

nodejs-full-i18n

package type: binary

type: version

unfixedFix deferred

nodejs-libs

package type: binary

type: version

unfixedFix deferred

nodejs-npm

package type: binary

type: version

unfixedFix deferred

nodejs24

package type: binary

type: version

unfixedFix deferred

nodejs24-devel

package type: binary

type: version

unfixedFix deferred

nodejs24-docs

package type: binary

type: version

unfixedFix deferred

nodejs24-full-i18n

package type: binary

type: version

unfixedFix deferred

nodejs24-libs

package type: binary

type: version

unfixedFix deferred

nodejs24-npm

package type: binary

type: version

unfixedFix deferred

nodejs-nodemon

package type: source

type: version

unfixedFix deferred

nodejs22

package type: source

type: version

unfixedFix deferred

nodejs24

package type: source

type: version

tag: rhel-10:38869b74-63f1-d314-eb1f-ef822d5bbe04

redhat:8

CVE-2026-25547

redhat-vex

OR

unfixedFix deferred

grafana

package type: binary

type: version

unfixedFix deferred

grafana-azure-monitor

package type: binary

type: version

unfixedFix deferred

grafana-cloudwatch

package type: binary

type: version

unfixedFix deferred

grafana-elasticsearch

package type: binary

type: version

unfixedFix deferred

grafana-graphite

package type: binary

type: version

unfixedFix deferred

grafana-influxdb

package type: binary

type: version

unfixedFix deferred

grafana-loki

package type: binary

type: version

unfixedFix deferred

grafana-mssql

package type: binary

type: version

unfixedFix deferred

grafana-mysql

package type: binary

type: version

unfixedFix deferred

grafana-opentsdb

package type: binary

type: version

unfixedFix deferred

grafana-postgres

package type: binary

type: version

unfixedFix deferred

grafana-prometheus

package type: binary

type: version

unfixedFix deferred

grafana-selinux

package type: binary

type: version

unfixedFix deferred

grafana-stackdriver

package type: binary

type: version

unfixedFix deferred

mozjs60

package type: binary

type: version

unfixedFix deferred

mozjs60-devel

package type: binary

type: version

unfixedFix deferred

nodejs:20::nodejs

package type: binary

type: version

unfixedFix deferred

nodejs:20::nodejs-devel

package type: binary

type: version

unfixedFix deferred

nodejs:20::nodejs-docs

package type: binary

type: version

unfixedFix deferred

nodejs:20::nodejs-full-i18n

package type: binary

type: version

unfixedFix deferred

nodejs:20::nodejs-libs

package type: binary

type: version

unfixedFix deferred

nodejs:20::nodejs-nodemon

package type: binary

type: version

unfixedFix deferred

nodejs:20::nodejs-packaging

package type: binary

type: version

unfixedFix deferred

nodejs:20::nodejs-packaging-bundler

package type: binary

type: version

unfixedFix deferred

nodejs:20::npm

package type: binary

type: version

unfixedFix deferred

nodejs:20::v8-12.4-devel

package type: binary

type: version

unfixedFix deferred

nodejs:22::nodejs

package type: binary

type: version

unfixedFix deferred

nodejs:22::nodejs-devel

package type: binary

type: version

unfixedFix deferred

nodejs:22::nodejs-docs

package type: binary

type: version

unfixedFix deferred

nodejs:22::nodejs-full-i18n

package type: binary

type: version

unfixedFix deferred

nodejs:22::nodejs-libs

package type: binary

type: version

unfixedFix deferred

nodejs:22::nodejs-nodemon

package type: binary

type: version

unfixedFix deferred

nodejs:22::nodejs-packaging

package type: binary

type: version

unfixedFix deferred

nodejs:22::nodejs-packaging-bundler

package type: binary

type: version

unfixedFix deferred

nodejs:22::npm

package type: binary

type: version

unfixedFix deferred

nodejs:22::v8-12.4-devel

package type: binary

type: version

unfixedFix deferred

nodejs:24::nodejs

package type: binary

type: version

unfixedFix deferred

nodejs:24::nodejs-devel

package type: binary

type: version

unfixedFix deferred

nodejs:24::nodejs-docs

package type: binary

type: version

unfixedFix deferred

nodejs:24::nodejs-full-i18n

package type: binary

type: version

unfixedFix deferred

nodejs:24::nodejs-libs

package type: binary

type: version

unfixedFix deferred

nodejs:24::nodejs-nodemon

package type: binary

type: version

unfixedFix deferred

nodejs:24::nodejs-packaging

package type: binary

type: version

unfixedFix deferred

nodejs:24::nodejs-packaging-bundler

package type: binary

type: version

unfixedFix deferred

nodejs:24::npm

package type: binary

type: version

unfixedFix deferred

nodejs:24::v8-12.4-devel

package type: binary

type: version

unfixedFix deferred

pcs

package type: binary

type: version

unfixedFix deferred

pcs-snmp

package type: binary

type: version

unfixedFix deferred

grafana

package type: source

type: version

unfixedFix deferred

mozjs60

package type: source

type: version

unfixedFix deferred

nodejs:20::nodejs

package type: source

type: version

unfixedFix deferred

nodejs:20::nodejs-nodemon

package type: source

type: version

unfixedFix deferred

nodejs:20::nodejs-packaging

package type: source

type: version

unfixedFix deferred

nodejs:22::nodejs

package type: source

type: version

unfixedFix deferred

nodejs:22::nodejs-nodemon

package type: source

type: version

unfixedFix deferred

nodejs:22::nodejs-packaging

package type: source

type: version

unfixedFix deferred

nodejs:24::nodejs

package type: source

type: version

unfixedFix deferred

nodejs:24::nodejs-nodemon

package type: source

type: version

unfixedFix deferred

nodejs:24::nodejs-packaging

package type: source

type: version

unfixedFix deferred

pcs

package type: source

type: version

tag: rhel-8-including-unpatched:778c2047-352d-3135-dc22-6612f421ecf6

redhat:9

CVE-2026-25547

redhat-vex

OR

unfixedFix deferred

gjs-devel

package type: binary

type: version

unfixedFix deferred

grafana

package type: binary

type: version

unfixedFix deferred

grafana-selinux

package type: binary

type: version

unfixedFix deferred

nodejs:20::nodejs

package type: binary

type: version

unfixedFix deferred

nodejs:20::nodejs-docs

package type: binary

type: version

unfixedFix deferred

nodejs:20::nodejs-full-i18n

package type: binary

type: version

unfixedFix deferred

nodejs:20::nodejs-libs

package type: binary

type: version

unfixedFix deferred

nodejs:20::nodejs-nodemon

package type: binary

type: version

unfixedFix deferred

nodejs:20::npm

package type: binary

type: version

unfixedFix deferred

nodejs:22::nodejs

package type: binary

type: version

unfixedFix deferred

nodejs:22::nodejs-docs

package type: binary

type: version

unfixedFix deferred

nodejs:22::nodejs-full-i18n

package type: binary

type: version

unfixedFix deferred

nodejs:22::nodejs-libs

package type: binary

type: version

unfixedFix deferred

nodejs:22::nodejs-nodemon

package type: binary

type: version

unfixedFix deferred

nodejs:22::npm

package type: binary

type: version

unfixedFix deferred

nodejs:24::nodejs

package type: binary

type: version

unfixedFix deferred

nodejs:24::nodejs-docs

package type: binary

type: version

unfixedFix deferred

nodejs:24::nodejs-full-i18n

package type: binary

type: version

unfixedFix deferred

nodejs:24::nodejs-libs

package type: binary

type: version

unfixedFix deferred

nodejs:24::nodejs-nodemon

package type: binary

type: version

unfixedFix deferred

nodejs:24::npm

package type: binary

type: version

unfixedFix deferred

pcs

package type: binary

type: version

unfixedFix deferred

pcs-snmp

package type: binary

type: version

unfixedFix deferred

polkit-devel

package type: binary

type: version

unfixedFix deferred

polkit-docs

package type: binary

type: version

unfixedFix deferred

polkit-libs

package type: binary

type: version

unfixedFix deferred

gjs

package type: source

type: version

unfixedFix deferred

grafana

package type: source

type: version

unfixedFix deferred

nodejs:20::nodejs

package type: source

type: version

unfixedFix deferred

nodejs:20::nodejs-nodemon

package type: source

type: version

unfixedFix deferred

nodejs:22::nodejs

package type: source

type: version

unfixedFix deferred

nodejs:22::nodejs-nodemon

package type: source

type: version

unfixedFix deferred

nodejs:24::nodejs

package type: source

type: version

unfixedFix deferred

nodejs:24::nodejs-nodemon

package type: source

type: version

unfixedFix deferred

pcs

package type: source

type: version

unfixedFix deferred

polkit

package type: source

type: version

tag: rhel-9-including-unpatched:dbad6d44-2e28-d986-7417-25b7fc6a505e

Data Sources

RedHat Enterprise Linux CSAF VEX
redhat-vex

FutureVuls|GitHub