Vulnerability in Markdown-it Linkify-it
CVE-2026-48801
linkify-it is a links recognition library with full Unicode support. Prior to 5.0.1, LinkifyIt.prototype.match, the package's primary public API, has O(N²) algorithmic complexity for inputs containing many fuzzy links or emails because the…
Vulnerability class: ReDoS (Regular Expression Denial of Service)
Affected products
- Markdown-it Linkify-it — versions < 5.0.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)