The Express team has released new patch versions of path-to-regexp addressing three security vulnerabilities (CVE-2026-4867, CVE-2026-4926, and CVE-2026-4923) that could lead to Regular Expression Denial of Service (ReDoS) attacks.