CVE-2026-10692: Inefficient Regular Expression Complexity in johnhuang316 code-index-mcp
CVE-2026-10692 is a medium severity vulnerability in johnhuang316 code-index-mcp up to version 2. 14. 0. It affects the is_safe_regex_pattern function in the search_code_advanced component, where manipulating the regex argument can cause inefficient regular expression complexity. This can be exploited remotely. A public exploit is available. Upgrading to version 2. 14. 1, which includes a patch identified by commit 25bc02fac74051ddae15ce79e952f00211b1ea6b, resolves the issue.
AI Analysis
Technical Summary
The vulnerability in johnhuang316 code-index-mcp (versions up to 2.14.0) involves the is_safe_regex_pattern function within the search_code_advanced component. An attacker can remotely supply a crafted regular expression argument that triggers inefficient regular expression complexity, potentially leading to performance degradation or denial of service. The issue is fixed in version 2.14.1 by a patch identified as 25bc02fac74051ddae15ce79e952f00211b1ea6b. The CVSS 4.0 score is 5.3 (medium severity), reflecting network attack vector, low attack complexity, no privileges or user interaction required, and limited impact on availability.
Potential Impact
Exploitation of this vulnerability can cause inefficient processing of regular expressions, potentially resulting in resource exhaustion or denial of service conditions on affected systems. The vulnerability can be triggered remotely without authentication or user interaction. There is no indication of confidentiality or integrity impact. A public exploit exists, increasing the risk of attack.
Mitigation Recommendations
A fix is available by upgrading johnhuang316 code-index-mcp to version 2.14.1, which addresses this vulnerability. Users should apply this official patch promptly. No alternative mitigations or temporary workarounds are indicated in the provided data.
CVE-2026-10692: Inefficient Regular Expression Complexity in johnhuang316 code-index-mcp
Description
CVE-2026-10692 is a medium severity vulnerability in johnhuang316 code-index-mcp up to version 2. 14. 0. It affects the is_safe_regex_pattern function in the search_code_advanced component, where manipulating the regex argument can cause inefficient regular expression complexity. This can be exploited remotely. A public exploit is available. Upgrading to version 2. 14. 1, which includes a patch identified by commit 25bc02fac74051ddae15ce79e952f00211b1ea6b, resolves the issue.
CVSS v4.0
Score 5.3medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in johnhuang316 code-index-mcp (versions up to 2.14.0) involves the is_safe_regex_pattern function within the search_code_advanced component. An attacker can remotely supply a crafted regular expression argument that triggers inefficient regular expression complexity, potentially leading to performance degradation or denial of service. The issue is fixed in version 2.14.1 by a patch identified as 25bc02fac74051ddae15ce79e952f00211b1ea6b. The CVSS 4.0 score is 5.3 (medium severity), reflecting network attack vector, low attack complexity, no privileges or user interaction required, and limited impact on availability.
Potential Impact
Exploitation of this vulnerability can cause inefficient processing of regular expressions, potentially resulting in resource exhaustion or denial of service conditions on affected systems. The vulnerability can be triggered remotely without authentication or user interaction. There is no indication of confidentiality or integrity impact. A public exploit exists, increasing the risk of attack.
Mitigation Recommendations
A fix is available by upgrading johnhuang316 code-index-mcp to version 2.14.1, which addresses this vulnerability. Users should apply this official patch promptly. No alternative mitigations or temporary workarounds are indicated in the provided data.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-02T15:43:28.477Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1f6f72e29bf47b50147105
Added to database: 6/3/2026, 12:04:02 AM
Last enriched: 6/3/2026, 12:18:36 AM
Last updated: 6/3/2026, 1:22:20 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.