CVE-2026-35213 | hapijs content up to 6.0.0 HTTP Content-Type/Content-Disposition redos

Inserito da Angelo Barbosa | Apr 6, 2026 | CVE

A vulnerability described as problematic has been identified in hapijs content up to 6.0.0. Impacted is an unknown function of the component HTTP Handler. The manipulation of the argument Content-Type/Content-Disposition results in inefficient regular expression complexity.

This vulnerability was named CVE-2026-35213. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is recommended.

CVE-2026-35213 | hapijs content up to 6.0.0 HTTP Content-Type/Content-Disposition redos

Post correlati

CVE-2024-5129 | lunary-ai lunary up to 1.2.7 Delete Request authorization

CVE-2026-1704 | croixhaug Appointment Booking Calendar Plugin up to 1.6.9.29 on WordPress get_item_permissions_check ID authorization

CVE-2024-41628 | Severalnines Cluster Control prior 1.9.8-9778/2.0.0-9779/2.1.0-9780 CMON API path traversal

CVE-2024-9653 | Restaurant Menu Plugin up to 2.4.2 on WordPress cross site scripting