PT-2026-3889 · Seroval · Seroval

Lxsmnsyc · Published 2026-01-21 · Updated 2026-05-20 · CVE-2026-23956

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: seroval versions 1.4.0 and below

Description: seroval is a JavaScript library that facilitates value stringification, including complex structures. In versions 1.4.0 and below, overriding RegExp serialization with excessively large patterns can exhaust JavaScript runtime memory during deserialization. Overriding RegExp serialization with patterns that trigger catastrophic backtracking can lead to ReDoS (Regular Expression Denial of Service). Catastrophic backtracking is a condition where a regular expression engine takes an extremely long time to complete its search due to the structure of the pattern.

Recommendations: Configure disabledFeatures to disable RegExp serialization entirely.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2026-23956
GHSA-HX9M-JF43-8FFR

Affected Products

Seroval