Vulnerabilities ›

CVE-2026-5986

Medium

CWE-400 — Weakness Type

                    Published: Apr 9, 2026                      ·  Modified: Apr 12, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

🤖 AI Executive Summary

CVE-2026-5986 is a ReDoS vulnerability in Zod jsVideoUrlParser library versions up to 0.5.1 affecting the getTime function in lib/util.js. Remote attackers can exploit inefficient regex patterns to cause denial of service by manipulating timestamp arguments.

📄 Description (Arabic)

تم تحديد ضعف في مكتبة Zod jsVideoUrlParser حيث تحتوي دالة getTime على تعبير نمطي معقد بشكل غير فعال. يمكن للمهاجمين استغلال هذا الضعف عن بعد بإرسال مدخلات timestamp محددة بعناية لإحداث استهلاك موارد المعالج.

🤖 ملخص تنفيذي (AI)

ثغرة ReDoS في مكتبة Zod jsVideoUrlParser الإصدارات حتى 0.5.1 تؤثر على دالة getTime في lib/util.js. يمكن للمهاجمين البعيدين استغلال أنماط regex غير فعالة لإحداث رفض الخدمة.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 03:00

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

telecom government healthcare

🎯 MITRE ATT&CK Techniques

T1499.004

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade Zod jsVideoUrlParser to version 0.5.2 or later when available. Implement input validation and sanitization for timestamp parameters. Consider implementing rate limiting and timeout mechanisms for regex operations. Monitor for suspicious patterns in timestamp inputs.

🔧 خطوات المعالجة (العربية)

قم بترقية مكتبة Zod jsVideoUrlParser إلى الإصدار 0.5.2 أو أحدث عند توفره. قم بتطبيق التحقق من صحة المدخلات وتنظيفها لمعاملات الطابع الزمني. فكر في تطبيق تحديد معدل المعالجة وآليات المهلة الزمنية لعمليات regex. راقب الأنماط المريبة في مدخلات الطابع الزمني.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.BE-1 PR.IP-1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1

🔗 References & Sources 5

🔗

https://github.com/Zod-/jsVideoUrlParser/issues/121

cna@vuldb.com

🔗

https://github.com/Zod-/jsVideoUrlParser/issues/121#issue-4159661957

cna@vuldb.com

🔗

https://vuldb.com/submit/791911

cna@vuldb.com

🔗

https://vuldb.com/vuln/356540

cna@vuldb.com

🔗

https://vuldb.com/vuln/356540/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-400

EPSS0.06%

Exploit No

Patch ✗ No

Published 2026-04-09

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-400

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-5986

Introduce Yourself

Sign In Required