CWE-777— Regular Expression without Anchors
The product uses a regular expression to perform neutralization, but the regular expression is not anchored and may allow malicious or malformed data to slip through.— MITRE CWE catalog
4 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-777page 1 of 1
- CVE-2024-1899MEDIUMCVSS 5.3EG 5.32024-02-26
An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions.
- CVE-2026-39087MEDIUMCVSS 6.4EG 9.82026-04-23
ntfy before 2.22.0 allows SSRF because of an unanchored regular expression for web push endpoint URLs.
- CVE-2026-40110HIGHCVSS 7.3EG 7.32026-05-05
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match(…
- CVE-2026-56021MEDIUMCVSS 5.3EG 5.32026-06-18
Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.
Map vulnerabilities like CWE-777 to your infrastructure
EchelonGraph correlates every CVE — across CWE-777 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →