CVE-2026-44896: Inline Span Regex Dot Any Body Xss
Regex pattern for a delimited inline span uses '(?P<name>.+?)' as the group body without excluding the delimiter character or handling backslash escape sequences. The dot matches any character including the delimiter, so an escaped delimiter (e.g., '\$') in user-supplied content can prematurely close the span and release remaining input to the inline parser
greprules fetch cve-2026-44896-inline-span-regex-dot-any-body-xss --engine opengrepDescription
Regex pattern for a delimited inline span uses '(?P<name>.+?)' as the group body without excluding the delimiter character or handling backslash escape sequences. The dot matches any character including the delimiter, so an escaped delimiter (e.g., '\$') in user-supplied content can prematurely close the span and release remaining input to the inline parser
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.