A vulnerability identified as problematic has been detected in pacote up to 11.2.7 . This impacts the function addGitSha . This manipulation causes inefficient regular expression complexity. This vulnerability is registered as CVE-2026-9496 . Remote exploitation of the attack is possible. No exploit is available.