The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.

The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16574 advisory.

  - The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to     versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`)     causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate     heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings     passed to `expand()` to ensure a step value of `0` is not used. (CVE-2026-33750)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103710 advisory.

  - This DoS (Denial of Service) vulnerability allows an unauthenticated attacker to cause a resource to be     unavailable for its intended users by temporarily or indefinitely disrupting services of a host connected     to a network which has no impact to confidentiality, no impact to integrity, high impact to availability,     and requires no user interaction. (CVE-2026-33750)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to     versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`)     causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate     heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings     passed to `expand()` to ensure a step value of `0` is not used. (CVE-2026-33750)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
318800	Atlassian Jira Service Management Data Center and Server 5.15.2 < 10.3.20 / 10.4.x < 11.3.5 (JSDSERVER-16574)	Nessus	Misc.	high
317400	Atlassian Confluence 8.9.0 < 9.2.20 / 9.3.1 < 10.2.10 (CONFSERVER-103710)	Nessus	CGI abuses	high
304169	Linux Distros Unpatched Vulnerability : CVE-2026-33750	Nessus	Misc.	high

Detections

Analytics

CVE-2026-33750

high

Tenable Plugins

high

high

high