PT-2026-24422 · Elysia · Elysia

Edamame-X · Published 2026-03-10 · Updated 2026-03-10 · CVE-2026-30837

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Elysia versions prior to 1.4.26

Description

Elysia, a TypeScript framework used for request validation, type inference, OpenAPI documentation, and client-server communication, contains a Regular Expression Denial of Service (ReDoS) issue. Specifically, the t.String({ format: 'url' }) function is susceptible to significant slowdowns when provided with a repeated partial URL format (protocol and hostname). This occurs because the regular expression used for URL validation becomes inefficient when processing such input.

Recommendations

Update to version 1.4.26 or later.

Exploit

Fix

DoS

Weakness Enumeration

Related identifiers

CVE-2026-30837
GHSA-F45G-68Q3-5W8X

Affected products

Elysia