What is CVE-2026-25547?

A critical denial of service vulnerability exists in versions of @isaacs/brace-expansion prior to 5.0.1. Attackers can exploit this flaw to consume excessive system resources. Immediate remediation is necessary.

What is the severity of CVE-2026-25547?

CVE-2026-25547 has a severity rating of CRITICAL with a CVSS base score of 9.2.

CVE-2026-25547 | Critical Vulnerability in @isaacs/brace-expansion

@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, this library is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously.

The exponential growth in combinations can lead to significant CPU and memory consumption, potentially crashing the Node.js process. This vulnerability has been patched in version 5.0.1, making it essential for users to upgrade to this version or later.

Given the critical severity with a CVSS score of 9.2, organizations using affected versions of @isaacs/brace-expansion should prioritize patching immediately to mitigate any risks associated with this vulnerability. Failure to address this could result in service disruptions and degraded performance.

As of now, there are no known exploits associated with this vulnerability, but the potential for resource consumption presents a real threat to operational integrity.

Organizations should ensure that they are using the latest patched version of the library to prevent exploitation of this vulnerability.

Vulnerability Details

The vulnerability, classified as a denial of service (DoS) issue, impacts all versions of @isaacs/brace-expansion prior to 5.0.1. It is associated with the CWE ID CWE-1333, indicating uncontrolled resource consumption. This vulnerability has been assigned a CVSS score of 9.2, signifying its critical nature.

The vulnerability was published on February 4, 2026, and it is critical for organizations using this library to stay updated with the latest security advisories.

Technical Analysis

The root cause of this vulnerability is the unbounded brace range expansion in the library. When an attacker inputs a pattern with extensive numeric brace ranges, the library attempts to generate all possible combinations, which leads to exponential growth in processing requirements.

This vulnerability is exploitable over the network, requiring no special privileges or user interaction. The attack complexity is considered low, making it easier for attackers to leverage this flaw.

The impact on availability is high, as the excessive resource consumption can cause applications using this library to become unresponsive or crash.

Risk & Impact Analysis

Risk to organizations includes potential service disruptions and degraded application performance due to resource exhaustion. This vulnerability poses a significant threat as it can be triggered by relatively simple input patterns, making it crucial for organizations to address it promptly.

Organizations should assess their usage of @isaacs/brace-expansion and prioritize patching to version 5.0.1 or later. Given the critical nature of this vulnerability, it should be treated as a top priority in the patch cycle.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions of @isaacs/brace-expansion prior to 5.0.1 are affected by this vulnerability. Organizations should ensure they are running the patched version to avoid any potential issues.

Mitigation & Remediation

To mitigate this vulnerability, organizations should upgrade to version 5.0.1 or later of @isaacs/brace-expansion. If upgrading is not immediately possible, consider implementing input validation to limit the complexity of patterns processed by the library.

For further security assurance, organizations may also consider engaging in penetration testing to identify any additional vulnerabilities in their systems.

Detection Guidance

Organizations should monitor logs for any unusual patterns that may indicate exploitation attempts, such as excessive resource consumption related to brace expansion. Additionally, behavioral anomalies in Node.js processes should be tracked.

AppSecure Threat Intelligence Insight

The occurrence of this denial of service vulnerability highlights the importance of rigorous input validation in libraries handling potentially untrusted data. Security teams should remain vigilant about the patterns and libraries they integrate into their applications.

This incident serves as a reminder to conduct regular audits of dependency usage and to apply updates promptly. Security teams may benefit from resources on vulnerability management best practices to enhance their security postures.

Additionally, implementing a penetration testing methodology can help identify and mitigate similar vulnerabilities in the future.

Finally, organizations are encouraged to regularly review their security practices and stay informed about emerging threats and vulnerabilities in their technology stack.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-25547: Critical Vulnerability in @isaacs/brace-expansion