GROWI ReDoS Vulnerability (CVE-2026-41040) Poses High DoS Risk

/HIGH /CVSS 7.5/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitydenial-of-servicecwe-1333
GROWI ReDoS Vulnerability (CVE-2026-41040) Poses High DoS Risk

The National Vulnerability Database has disclosed CVE-2026-41040, a high-severity regular expression denial of service (ReDoS) vulnerability affecting GROWI, a wiki platform provided by GROWI, Inc. Rated with a CVSS score of 7.5, this flaw allows an unauthenticated attacker to trigger a denial-of-service condition by supplying a specially crafted input string.

ReDoS vulnerabilities are insidious because they exploit the computational complexity of certain regular expressions when processing malicious input. A seemingly innocuous string can force the regex engine into an exponentially long processing loop, consuming all available CPU resources and rendering the application unresponsive. For GROWI, this means an attacker could effectively take the wiki offline with minimal effort.

This isn’t just a nuisance; it’s a direct operational impact. Any organization relying on GROWI for critical documentation, collaboration, or knowledge management faces a tangible risk of service disruption. Defenders need to understand that the attacker’s calculus here is simple: maximum impact with low effort. Patching this is non-negotiable.

What This Means For You

  • If your organization uses GROWI, you need to identify all instances and prepare for patching immediately when a fix is released. Monitor your GROWI deployments for unusual CPU spikes or service interruptions that could indicate an active ReDoS attack, even before a patch is available. This vulnerability allows for a complete denial-of-service with no authentication required, making it a critical threat to availability.

Related ATT&CK Techniques

T1499 Denial of Service Impact

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1499 Impact

GROWI ReDoS Exploit Attempt - CVE-2026-41040

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Export via Bot →

Indicators of Compromise

IDTypeIndicator
CVE-2026-41040 DoS GROWI
CVE-2026-41040 DoS regular expression denial of service (ReDoS)
CVE-2026-41040 DoS crafted input string

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 23, 2026 at 10:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related Posts

Zero-Day Flaw in Microsoft Defender Leveraged by Attackers

SecurityWeek reports a critical zero-day vulnerability in Microsoft Defender has been actively exploited. This flaw grants attackers the ability to access the Security Account Manager...

threat-intelvulnerabilitymicrosoft
/SCW Vulnerability Desk /MEDIUM /⚑ 3 IOCs /⚙ 3 Sigma

IP Setting Software Vulnerability Allows Arbitrary Code Execution

CVE-2026-34488 — IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result,...

vulnerabilityCVEhigh-severitycwe-427
/SCW Vulnerability Desk /HIGH /7.3 /⚑ 2 IOCs /⚙ 3 Sigma

CVE-2026-41990 — Libgcrypt before 1.12.2 mishandles Dilithium signing.

CVE-2026-41990 — Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.

vulnerabilityCVEmedium-severitycwe-787
/SCW Vulnerability Desk /MEDIUM /4 /⚑ 2 IOCs /⚙ 1 Sigma