CVE-2026-25547 | CRITICAL | CVSS 9.2 | fixed in 5.0.1 | 2026-02-04
CVE-2026-25547 [CRITICAL] CWE-1333
@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every pos
ghsa, nvd, osv
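A pre-flight check a caller could run on untrusted patterns before handing them to a brace expander, as an added example (not code from @isaacs/brace-expansion or from the advisory). The function names and both limits are assumptions; it counts numeric ranges only, ignores comma lists and nesting, and treats a zero step as 1.

```javascript
// Added example: not part of @isaacs/brace-expansion. Names and limits are assumptions.
// Matches numeric ranges such as {1..3}, {10..1} or {0..100..5}.
const NUMERIC_RANGE = /\{(-?\d+)\.\.(-?\d+)(?:\.\.(-?\d+))?\}/g;

// Product of the sizes of all numeric ranges in the pattern. BigInt keeps the
// count exact even when it is far beyond Number.MAX_SAFE_INTEGER.
function estimateRangeExpansions(pattern) {
  let total = 1n;
  for (const m of pattern.matchAll(NUMERIC_RANGE)) {
    const start = BigInt(m[1]);
    const end = BigInt(m[2]);
    let step = m[3] === undefined ? 1n : BigInt(m[3]);
    if (step < 0n) step = -step;
    if (step === 0n) step = 1n; // assumption: a zero step is counted as 1
    const span = start > end ? start - end : end - start;
    total *= span / step + 1n;
  }
  return total;
}

// Rejects a pattern whose numeric ranges multiply out past the budget.
// Returns the estimated count when the pattern is accepted.
function checkPattern(pattern, maxExpansions = 10000n, maxLength = 1024) {
  if (typeof pattern !== "string") throw new TypeError("pattern must be a string");
  if (pattern.length > maxLength) {
    throw new RangeError(`pattern longer than ${maxLength} characters`);
  }
  const count = estimateRangeExpansions(pattern);
  if (count > maxExpansions) {
    throw new RangeError(`numeric ranges multiply out to ${count} combinations`);
  }
  return count;
}

// Constructed sample inputs.
for (const p of ["file{1..3}.txt", "{0..100..5}", "{0..99}{0..99}{0..99}"]) {
  try {
    console.log(p, "->", String(checkPattern(p)));
  } catch (e) {
    console.log(p, "-> rejected:", e.message);
  }
}
```

A check like this sits in front of the library for input that crosses a trust boundary; the fix itself is the upgrade to 5.0.1 named in the record above.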