
CWE-185 (Incorrect Regular Expression) — Vulnerability Class 20

20 vulnerabilities classified as CWE-185 (Incorrect Regular Expression). AI Chinese analysis included.

CWE-185 is a logic flaw in which a product specifies a regular expression that does not match or compare input the way its author intended. The weakness typically comes from ambiguous patterns, missing or insufficient anchoring, or incorrect quantifiers, so the pattern accepts input it should reject (or rejects input it should accept). When such a pattern is used as a filter or validator, an attacker can craft input that satisfies the pattern while still carrying the content the check was meant to block, for example an injection payload or a request for a resource that should be off limits. What follows depends on what the check was protecting: arbitrary code execution, access to restricted resources, or corrupted data. To reduce this risk, developers should test regex patterns against edge cases and known bypass inputs, prefer established, well-vetted libraries over hand-written patterns, and keep validation strict so that each expression states the actual security requirement rather than an approximation of it.

MITRE CWE Description
The product specifies a regular expression in a way that causes data to be improperly matched or compared. When the regular expression is used in protection mechanisms such as filtering or validation, this may allow an attacker to bypass the intended restrictions on the incoming data.
Common Consequences (2)
Other: Unexpected State, Varies by Context. When the regular expression is not correctly specified, data might have a different format or type than the rest of the program expects, producing resultant weaknesses or errors.
Access Control: Bypass Protection Mechanism. In PHP, regular expression checks can sometimes be bypassed with a null byte, leading to any number of weaknesses.
Mitigations (1)
Implementation: Regular expressions can become error prone when defining a complex language even for those experienced in writing grammars. Determine if several smaller regular expressions simplify one large regular expression. Also, subject the regular expression to thorough testing techniques such as equivalence partitioning, boundary value analysis, and robustness. After testing and a reasonable confidence lev…
Examples (2)
The following code takes phone numbers as input, and uses a regular expression to reject invalid phone numbers.

$phone = GetPhoneNumber();
if ($phone =~ /\d+-\d+/) {
    # looks like it only has hyphens and digits
    system("lookup-phone $phone");
} else {
    error("malformed number!");
}

Bad · Perl

This code uses a regular expression to validate an IP string prior to using it in a call to the "ping" command.

import subprocess
import re

def validate_ip_regex(ip: str):
    ip_validator = re.compile(r"((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}")
    if ip_validator.match(ip):
        return ip
    else:
        raise ValueError("IP address does not match valid pattern.")

def run_ping_regex(ip: str):
    validated = validate_ip_regex(ip)
    # The ping command treats zero-prepended IP addresses as octal
    result = subprocess.call(["ping", validated])
    print(result)

Bad · Python
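Both CWE examples share the same defect: the phone pattern is searched anywhere in the string, and the IP pattern is only anchored at the start (re.match) and makes the dot optional, so trailing or leading junk slips through. The following Python is an added example, not code from the CWE entry or from any listed product. It puts the two loose patterns next to hardened ones that use fullmatch, explicit octet ranges without leading zeros, and a final parse with the standard ipaddress module. The 3-4 digit phone shape and the sample inputs are my own assumptions for the demonstration.

```python
import ipaddress
import re

# Loose pattern from the CWE Perl example: matched anywhere in the input.
LOOSE_PHONE = re.compile(r"\d+-\d+")
# Hardened: whole-string match with an explicit shape (3-4 digits assumed here).
STRICT_PHONE = re.compile(r"\d{3}-\d{4}")

# Loose pattern from the CWE Python example, used with match(): start-anchored only,
# and the dot between octets is optional.
LOOSE_IP = re.compile(r"((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}")
# Hardened octet: 0-255 with no leading zeros; four octets joined by literal dots.
OCTET = r"(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
STRICT_IP = re.compile(rf"{OCTET}(?:\.{OCTET}){{3}}")


def loose_phone_ok(s: str) -> bool:
    """Replicates the CWE check: any digits-hyphen-digits substring passes."""
    return LOOSE_PHONE.search(s) is not None


def strict_phone_ok(s: str) -> bool:
    """Whole string must be exactly ddd-dddd; nothing before or after."""
    return STRICT_PHONE.fullmatch(s) is not None


def loose_ip_ok(s: str) -> bool:
    """Replicates the CWE check: four octet-like tokens at the start pass."""
    return LOOSE_IP.match(s) is not None


def strict_ip_ok(s: str) -> bool:
    """Whole string must be a dotted quad, then the stdlib must parse it too."""
    if STRICT_IP.fullmatch(s) is None:
        return False
    try:
        ipaddress.IPv4Address(s)  # rejects anything the regex got subtly wrong
    except ValueError:
        return False
    return True


def compare(candidates):
    """Return (input, loose_phone, strict_phone, loose_ip, strict_ip) per candidate."""
    return [
        (c, loose_phone_ok(c), strict_phone_ok(c), loose_ip_ok(c), strict_ip_ok(c))
        for c in candidates
    ]


if __name__ == "__main__":
    # Constructed sample inputs: valid values plus ones carrying extra material.
    samples = [
        "555-1212",
        "555-1212 extra",
        "x555-1212",
        "192.168.0.1",
        "192.168.0.1 extra",
        "1.1.1.1.1.1",
        "010.0.0.1",
        "256.1.1.1",
    ]
    print(f"{'input':22} loose_phone strict_phone loose_ip strict_ip")
    for row in compare(samples):
        print(f"{row[0]:22} {row[1]!s:11} {row[2]!s:12} {row[3]!s:8} {row[4]!s}")
```

The point to take from the comparison is that the loose checks answer "does a valid-looking thing appear somewhere" while the strict ones answer "is the entire input a valid value". Only the second question is the one a filter in front of system() or subprocess needs answered, and combining fullmatch with a real parser (ipaddress here) catches cases like leading-zero octets that a regex alone is easy to get wrong.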
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-4296 | Incorrect Regular Expression vulnerability in GitHub Enterprise Server allowed unauthorized access to user accounts via OAuth callback URL validation bypass | Enterprise Server | 8.2 (AI) | High (AI) | 2026-04-21
CVE-2026-25542 | Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching | pipeline | 6.5 | Medium | 2026-04-21
CVE-2026-39350 | Istio AuthorizationPolicy Incorrect Regex Matching of Dots in serviceAccounts Fields Allows Policy Bypass | istio | 5.4 | Medium | 2026-04-15
CVE-2026-33418 | @dicebear/converter ensureSize() Vulnerable to SVG Dimension Capping Bypass via XML Comment Injection | dicebear | 7.5 | High | 2026-03-24
CVE-2026-27895 | LAM has incorrect regular expression in PDF export component that allows user to upload files of any type | lam | 4.3 | Medium | 2026-03-17
CVE-2026-3419 | Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation | fastify | 5.3 | Medium | 2026-03-06
CVE-2026-25896 | fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names | fast-xml-parser | 9.3 | Critical | 2026-02-20
CVE-2026-25479 | Litestar has an AllowedHosts validation bypass due to unescaped regex metacharacters in configured host patterns | litestar | 6.5 | Medium | 2026-02-09
CVE-2026-24398 | Hono's IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing | hono | 4.8 | Medium | 2026-01-27
CVE-2025-20139 | Cisco Enterprise Chat and Email security vulnerability | Cisco Enterprise Chat and Email | 7.5 | High | 2025-04-02
CVE-2024-52289 | authentik has an insecure default configuration for OAuth2 Redirect URIs | authentik | 6.1 (AI) | Medium (AI) | 2024-11-21
CVE-2024-6641 | WP Hardening – Fix Your WordPress Security <= 1.2.6 - Unauthenticated Security Feature Bypass to Username Enumeration | WP Hardening (discontinued) | 5.3 | Medium | 2024-09-18
CVE-2024-2223 | Incorrect Regular Expression in GravityZone Update Server (VA-11465) | GravityZone Control Center (On Premises) | 8.1 | High | 2024-04-09
CVE-2021-36093 | DoS attack using PostMaster filters | ((OTRS)) Community Edition | 5.3 | Medium | 2021-09-06
CVE-2018-1109 | Npm Braces resource management error vulnerability | nodejs-braces | 5.3 | - | 2021-03-30
CVE-2020-7929 | Specially crafted regex query can cause DoS | MongoDB Server | 6.5 | Medium | 2021-03-01
CVE-2020-3408 | Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability | Cisco IOS | 8.6 | - | 2020-09-24
CVE-2020-7016 | Elasticsearch Kibana resource management error vulnerability | Kibana | 4.8 | - | 2020-07-27
CVE-2020-1741 | Red Hat OpenShift Container Platform openshift-ansible security vulnerability | openshift-ansible | 5.9 | Medium | 2020-04-24
CVE-2018-7158 | Joyent Node.js path module input validation error vulnerability | Node.js | 7.5 | - | 2018-05-17

Vulnerabilities classified as CWE-185 (Incorrect Regular Expression) represent 20 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.