What is CVE-2026-35611?

CVE-2026-35611 is a high-severity vulnerability in Sporkmonger Addressable, classified under Inefficient Regular Expression Complexity. CVSS score: 7.5/10. Published 2026-04-07.

How severe is CVE-2026-35611?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Sporkmonger Addressable

CVE-2026-35611

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular…

Vulnerability class: ReDoS (Regular Expression Denial of Service)

EPSS: 0.000 (8.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Sporkmonger Addressable — versions >= 2.3.0, < 2.9.0

Weakness classification (CWE)

CWE-1333 — Inefficient Regular Expression Complexity

References

https://github.com/sporkmonger/addressable/security/advisories/GHSA-h27x-rffw-24p4 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-35611?: CVE-2026-35611 is a high-severity vulnerability in Sporkmonger Addressable, classified under Inefficient Regular Expression Complexity. CVSS score: 7.5/10. Published 2026-04-07.
How severe is CVE-2026-35611?: High severity. CVSS v3 base score is 7.5 out of 10.