Denial of Service Vulnerability in decode-uri-component by Sam Verschueren
CVE-2026-45822

6.6 MEDIUM

Key Information:

Vendor
CVE Published: 30 June 2026

What is CVE-2026-45822?

The decode-uri-component library, used for decoding URI components, is susceptible to a denial of service attack. Specifically, the decode() function can lead to super-linear parsing times due to how it processes input. For instance, providing multiple '%ab' tokens can vastly increase CPU usage and result in unresponsive application behavior. An attacker can exploit this vulnerability by sending specially crafted input, significantly impacting performance and leading to potential service downtime.

Affected Version(s)

decode-uri-component Linux 0.1.0 < 0.5.0
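
A lockfile check for the affected range listed above, as an added example that is not code from the advisory or from the decode-uri-component project. It assumes an npm lockfile in the v2/v3 layout (a top-level `packages` map); `findAffected`, `isAffected` and the sample lockfile are hypothetical names and constructed data.

```javascript
// Flags decode-uri-component installs with 0.1.0 <= version < 0.5.0,
// the range this advisory lists. Assumes the npm lockfile v2/v3 "packages" map.
const PKG = "decode-uri-component";
const AFFECTED_FROM = [0, 1, 0]; // lower bound from the advisory
const FIXED_IN = [0, 5, 0];      // upper bound (exclusive) from the advisory

// Parse "x.y.z" into numbers; pre-release/build suffixes are ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return true; // unparseable version: fail closed so it gets reviewed
  return compare(v, AFFECTED_FROM) >= 0 && compare(v, FIXED_IN) < 0;
}

// Walk every installed copy, including ones nested under other dependencies.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/decode-uri-component".
    if (path.split("node_modules/").pop() !== PKG) continue;
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/decode-uri-component": { version: "0.2.2" },
    "node_modules/query-string/node_modules/decode-uri-component": { version: "0.5.0" },
    "node_modules/other/node_modules/decode-uri-component": { version: "0.4.1" },
  },
};
console.log(findAffected(sampleLock));
```

Nested copies matter here: a top-level upgrade does not replace a vulnerable version pinned under another dependency.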

CVSS V4

Score: 6.6
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Seal Security