CVE-2025-26042: PowerShell Double Quote Injection
greprules fetch cve-2025-26042-powershell-double-quote-injection-cve-2025-26042 --engine opengrep
Description
A regular expression intended to filter input (CVE-2025-26042) was reported vulnerable to ReDoS. Additionally, relying on regex instead of safe escaping masks an underlying OS Command Injection risk where input is passed into a double-quoted string in PowerShell. Fix by escaping single quotes (`input.replaceAll("'", "''")`) and wrapping the variable in singl
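The fix described above, as an added JavaScript example (not code from the rule or the affected project): the double-quoted construction beside a single-quoted one, with a small reader that checks the quoted value round-trips. It goes beyond the page's `replaceAll("'", "''")` by also doubling the typographic quotes U+2018, U+2019, U+201A and U+201B, which PowerShell accepts as single-quote delimiters; all function names and sample inputs are assumptions.

```javascript
// Added example. buildUnsafe, buildSafe, psSingleQuote and readSingleQuoted are
// hypothetical names; Get-Item stands in for whatever command the caller runs.

// Vulnerable pattern: inside a double-quoted PowerShell string, $var, $(...)
// and backtick sequences in the value are still interpreted.
function buildUnsafe(path) {
  return `Get-Item -LiteralPath "${path}"`;
}

// PowerShell's tokenizer accepts these typographic quotes as single-quote
// delimiters, so they are doubled along with the ASCII quote.
const PS_SINGLE_QUOTES = /['\u2018\u2019\u201A\u201B]/g;

// The page's fix: double every single quote, then wrap in single quotes.
function psSingleQuote(value) {
  if (typeof value !== "string") throw new TypeError("expected a string");
  return "'" + value.replace(PS_SINGLE_QUOTES, (q) => q + q) + "'";
}

function buildSafe(path) {
  return "Get-Item -LiteralPath " + psSingleQuote(path);
}

// Simplified model of how a single-quoted literal is read: a doubled quote is
// one literal quote, a lone quote ends the string. Returns the decoded value
// and any text left over after the literal (which would be parsed as code).
function readSingleQuoted(src) {
  const isQuote = (c) => c !== undefined && "'\u2018\u2019\u201A\u201B".includes(c);
  if (!isQuote(src[0])) throw new Error("not a single-quoted literal");
  let value = "";
  for (let i = 1; i < src.length; i++) {
    if (isQuote(src[i])) {
      if (!isQuote(src[i + 1])) return { value, rest: src.slice(i + 1) };
      i++; // doubled quote: skip the first, keep the second
    }
    value += src[i];
  }
  throw new Error("unterminated literal");
}

// Constructed sample inputs
const SAMPLES = ["report.txt", "O'Brien.txt", "$env:USERNAME.txt", "a\u2019b.txt"];
function checkSamples() {
  return SAMPLES.every((s) => {
    const { value, rest } = readSingleQuoted(psSingleQuote(s));
    return value === s && rest === "";
  });
}
```

`checkSamples()` returns `true` only when every sample decodes back to itself with nothing left over after the closing quote.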