CVE-2020-26305
JavaScript vulnerability analysis and mitigation

Overview

CommonRegexJS, a JavaScript port of CommonRegex, contains a vulnerability identified as CVE-2020-26305. All available versions of the library contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability was discovered and reported by GitHub Security Lab team member Erik Krogh Kristensen, and as of the time of publication, no known patches were available (GitHub Advisory).

Technical details

The vulnerability specifically affects the links regex functionality within CommonRegexJS. When processing certain input patterns, the regular expression can trigger exponential backtracking, leading to excessive CPU usage. The vulnerability was identified using a CodeQL query that detected potentially problematic regex patterns (GitHub Advisory). The vulnerability has been assigned a CVSS 3.1 Base Score of 7.5 HIGH with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

Impact

This vulnerability may lead to a denial of service condition. When exploited, the affected regular expressions can cause the application to consume excessive CPU resources, potentially making the service unresponsive (GitHub Advisory).

Mitigation and workarounds

At the time of the vulnerability disclosure, no known patches were available for this issue (NVD).
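With no patched release to upgrade to, one workaround is to keep untrusted text away from the library's links regex and extract links with a parser that cannot backtrack. The sketch below is an added example, not code from CommonRegexJS or the advisory; `extractLinks`, `trimPunctuation`, `MAX_INPUT` and `MAX_TOKEN` are assumed names and limits, and the matching rules are deliberately simpler than the library's links regex.

```javascript
// Added example: linear-time link extraction that avoids backtracking regexes.
// MAX_INPUT and MAX_TOKEN are assumed limits; tune them for your application.
const MAX_INPUT = 64 * 1024;
const MAX_TOKEN = 2048;
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Strip punctuation that commonly wraps a link in prose, using a plain
// character scan instead of a regex.
function trimPunctuation(token) {
  const wrap = "()[]{}<>\"'.,;:!?";
  let start = 0;
  let end = token.length;
  while (start < end && wrap.includes(token[start])) start++;
  while (end > start && wrap.includes(token[end - 1])) end--;
  return token.slice(start, end);
}

function extractLinks(text) {
  if (typeof text !== "string") throw new TypeError("text must be a string");
  if (text.length > MAX_INPUT) throw new RangeError("input exceeds MAX_INPUT");
  const links = [];
  // /\s+/ has one quantifier and no alternation, so it cannot backtrack
  // exponentially.
  for (const raw of text.split(/\s+/)) {
    if (raw.length === 0 || raw.length > MAX_TOKEN) continue;
    const token = trimPunctuation(raw);
    // Accept scheme-less "www." hosts by assuming http.
    const candidate = token.toLowerCase().startsWith("www.") ? "http://" + token : token;
    let url;
    try {
      url = new URL(candidate); // WHATWG URL parser, global in Node.js and browsers
    } catch {
      continue; // not parseable as a URL
    }
    // Keep only web links with a dotted host name.
    if (ALLOWED_PROTOCOLS.has(url.protocol) && url.hostname.includes(".")) {
      links.push(url.href);
    }
  }
  return links;
}
```

The function returns normalized `href` strings, so callers that need the original substring should compare against the trimmed token instead.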

Source: This report was generated using AI

Related JavaScript vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2026-23744 | CRITICAL | 9.8 | JavaScript | @mcpjam/inspector | No | Yes | Jan 16, 2026 |
| CVE-2026-23735 | HIGH | 8.7 | JavaScript | graphql-modules | No | Yes | Jan 16, 2026 |
| GHSA-gw32-9rmw-qwww | HIGH | 8.4 | JavaScript | svelte | No | Yes | Jan 16, 2026 |
| CVE-2026-23745 | HIGH | 8.2 | JavaScript | argo-workflows-fips-3.6 | No | Yes | Jan 16, 2026 |
| GHSA-38cw-85xc-xr9x | MEDIUM | 6.8 | JavaScript | @veramo/data-store | No | Yes | Jan 16, 2026 |
