Medium Severity

flask-cors

Regex Path Matching Vulnerability in CORS Policy

A vulnerability in version 4.0.1 of the flask-cors plugin allows less restrictive CORS policies to be applied to sensitive endpoints due to improper sorting of regex patterns. This issue was patched in a later version.

Available publicly on Aug 29 2024

CVSS: 4.3

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Credit: tomorroisnew

Threat Overview

The vulnerability arises from the plugin's incorrect prioritization of longer regex patterns over more specific ones when matching paths. This can result in less restrictive CORS policies being applied to endpoints that should be highly restricted. Consequently, unauthorized cross-origin access to sensitive data or functionality is possible, potentially exposing confidential information and increasing the risk of unauthorized actions by malicious actors.

Attack Scenario

An attacker can exploit this vulnerability by sending a request to a sensitive endpoint with a less restrictive CORS policy. For example, an attacker could send a request to /api/super_Secret from a malicious origin like https://evil.com, and due to the improper regex prioritization, the response would include the Access-Control-Allow-Origin header for the malicious origin, allowing unauthorized access to sensitive data.

Who is affected

Users of the flask-cors plugin version 4.0.1 who have configured CORS policies using regex patterns for path matching are affected. This includes developers and organizations that rely on flask-cors to manage cross-origin requests for their Flask applications.
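
The following configuration audit is an added example, not code from flask-cors or from this advisory. It models the ordering described under Threat Overview as "try patterns longest-first, first match wins" (an assumption about the affected behaviour) and flags sensitive paths where a wildcard policy wins over a stricter rule that also matches. The patterns, origins, and function names are hypothetical.

```python
import re

# Constructed sample config in the shape of a flask-cors `resources` dict:
# path regex -> options. Patterns and origins are hypothetical.
RESOURCES = {
    r"/api/[A-Za-z0-9_]+": {"origins": "*"},                     # broad, public
    r"/api/super_.*": {"origins": ["https://trusted.example"]},  # sensitive
}

def effective_policy(resources, path):
    """Model of the advisory's behaviour: try patterns longest-first and
    return the first that matches. Returns (pattern, options) or None."""
    for pattern in sorted(resources, key=len, reverse=True):
        if re.match(pattern, path):
            return pattern, resources[pattern]
    return None

def shadowed_policies(resources, path):
    """Other patterns that also match `path`, lose to the winner, and carry
    different origins: candidates for an unintended override."""
    winner = effective_policy(resources, path)
    if winner is None:
        return []
    win_pat, win_opts = winner
    return [
        (pat, opts) for pat, opts in resources.items()
        if pat != win_pat and re.match(pat, path)
        and opts.get("origins") != win_opts.get("origins")
    ]

def audit(resources, sensitive_paths):
    """Report sensitive paths whose winning policy allows any origin
    while a stricter matching rule was skipped."""
    findings = []
    for path in sensitive_paths:
        pat, opts = effective_policy(resources, path) or (None, {})
        if opts.get("origins") == "*" and shadowed_policies(resources, path):
            findings.append((path, pat))
    return findings

if __name__ == "__main__":
    for path, pat in audit(RESOURCES, ["/api/super_Secret", "/api/status"]):
        print(f"{path}: wildcard policy from {pat!r} overrides a stricter rule")
```

Run it against your own `resources` mapping and list of sensitive paths; any finding is a rule pair to review or to rewrite so the two patterns cannot both match the same path.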
