Moderate severityNVD Advisory· Published Jan 13, 2026· Updated Jan 13, 2026
tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability
CVE-2026-22809
Description
tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service (ReDoS) vulnerability was identified in tarteaucitron.js in the handling of the issuu_id parameter. This vulnerability is fixed in 1.29.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tarteaucitronjsnpm | < 1.29.0 | 1.29.0 |
Affected products
1Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-q5f6-qxm2-mcqmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-22809ghsaADVISORY
- github.com/AmauriC/tarteaucitron.js/commit/f0bbdac2fdf3cd24a325fc0928c0d34abf1b7b52ghsax_refsource_MISCWEB
- github.com/AmauriC/tarteaucitron.js/security/advisories/GHSA-q5f6-qxm2-mcqmghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.