CVE-2026-2327 – Markdown-it ReDoS Vulnerability

CVE ID : CVE-2026-2327

Published : Feb. 12, 2026, 6:16 a.m. | 2 hours, 9 minutes ago

Description : Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by a non-matching character, which triggers excessive backtracking and may lead to a denial-of-service condition.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…