PT-2026-41726 · Npm · Brace-Expansion

Published 2026-05-18 · Updated 2026-05-18 · CVE-2026-45149

CVSS v3.1

6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

brace-expansion (affected versions not specified)

Description

A Denial of Service (DoS) issue exists where the max option is applied too late during the expansion of large numeric ranges. For example, expanding a range like {1..10000000} causes the sequence generation loop to create all intermediate elements before applying the limit. This results in excessive memory allocation and processing time, even when a small max value is specified.

Recommendations

Ensure the string to be expanded does not contain more values than the desired max item count.
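
One way to apply the recommendation above is to count what the numeric ranges in a pattern would produce before expanding it. This is an added example, not code from brace-expansion or from this advisory; `rangeItemCount`, `exceedsMax` and `guardedExpand` are hypothetical helper names, and `expandFn` stands for whatever expansion call the application already makes.

```javascript
// Matches bash-style numeric sequences: {start..end} or {start..end..step}.
const NUMERIC_RANGE = /\{(-?\d+)\.\.(-?\d+)(?:\.\.(-?\d+))?\}/g;

// Items one numeric range would yield, computed arithmetically so that no
// array is ever built. BigInt keeps very long digit strings exact.
function rangeItemCount(start, end, step) {
  const a = BigInt(start);
  const b = BigInt(end);
  let s = step === undefined ? 1n : BigInt(step);
  if (s < 0n) s = -s;
  if (s === 0n) s = 1n; // assumption: count a zero step as 1 (worst case)
  const span = a > b ? a - b : b - a;
  return span / s + 1n;
}

// True when the numeric ranges alone could produce more than `max` items.
// Counts of separate ranges are multiplied, which is the worst case when
// they sit side by side. Comma lists and letter ranges are not counted here.
function exceedsMax(pattern, max) {
  const limit = BigInt(max);
  let total = 1n;
  for (const m of pattern.matchAll(NUMERIC_RANGE)) {
    total *= rangeItemCount(m[1], m[2], m[3]);
    if (total > limit) return true; // stop early, keep the product small
  }
  return false;
}

// Refuse oversized patterns before the expansion loop runs at all.
function guardedExpand(pattern, max, expandFn) {
  if (exceedsMax(pattern, max)) {
    throw new RangeError(`brace pattern would exceed ${max} items`);
  }
  return expandFn(pattern);
}
```

The check runs in time proportional to the length of the pattern string, so the range from the description is rejected without allocating its elements.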

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2026-45149
GHSA-JXXR-4GWJ-5JF2

Affected Products

Brace-Expansion