Inefficient Algorithmic Complexity Affecting pathway package, versions [0,]


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.47% (38th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PYTHON-PATHWAY-17816695
  • published4 Jul 2026
  • disclosed2 Jul 2026
  • creditUnknown

Introduced: 2 Jul 2026

NewCVE-2026-59094  (opens in a new tab)
CWE-407  (opens in a new tab)

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

pathway is a Pathway Live Data Framework is a data processing framework which takes care of streaming data updates for you.

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the document store process. An attacker can exhaust system resources by submitting specially crafted glob patterns with multiple ** tokens to unauthenticated HTTP endpoints, causing excessive CPU consumption and resulting in service unavailability.

CVSS Base Scores

version 4.0
version 3.1