HIGH | CVE-2026-27904 | npm | CVSS 7.5
minimatch
Published
Description
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
Affected Versions
>=10.0.0, >=9.0.0, >=8.0.0, >=7.0.0, >=6.0.0, >=5.0.0, >=4.0.0, >=0
Fixed Versions
5.1.7, 7.4.8, 5.1.8, 4.2.4, 4.2.5, 9.0.7, 3.1.3, 8.0.5, 10.2.3, 9.0.6, 8.0.6, 6.2.1, 3.1.4, 10.2.1, 6.2.2, 7.4.7
References
WEB https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-27904
WEB https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce
PACKAGE https://github.com/isaacs/minimatch
WEB https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-26996
WEB https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5
WEB https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-27903
WEB https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748