diff --git a/.changeset/nice-schools-cry.md b/.changeset/nice-schools-cry.md
new file mode 100644
index 00000000000..8a83d97ae24
--- /dev/null
+++ b/.changeset/nice-schools-cry.md
@@ -0,0 +1,5 @@
+---
+'@talend/react-cmf': minor
+---
+
+fix(): Fix security issue on regular expression
diff --git a/packages/cmf/__tests__/settings.test.js b/packages/cmf/__tests__/settings.test.js
index 129db6434bc..a2180cb3ebe 100644
--- a/packages/cmf/__tests__/settings.test.js
+++ b/packages/cmf/__tests__/settings.test.js
@@ -111,6 +111,7 @@ describe('settings', () => {
 	describe('withoutHOC', () => {
 		it('should remove all HOC prefix', () => {
 			expect(withoutHOC('Connect(CMF(Container(MyComponent)))')).toBe('MyComponent');
+			expect(withoutHOC('Connect(CMF(Container(Comp_+*[]~-=@{})))')).toBe('Comp_+*[]~-=@{}');
 		});
 	});
 });
diff --git a/packages/cmf/src/settings.js b/packages/cmf/src/settings.js
index d9fe6171b9d..b44083b1859 100644
--- a/packages/cmf/src/settings.js
+++ b/packages/cmf/src/settings.js
@@ -27,11 +27,12 @@ export function generateDefaultViewId(viewId, componentName, componentId) {
 
 /**
  * Extract component name without HOC
- * @param {String} viewId Connect(CMF(Container(MyComponent)))
+ * @param {String} componentName Connect(CMF(Container(MyComponent)))
  * @return {String} MyComponent
  */
 export function withoutHOC(componentName) {
-	return componentName.match(/.*\((.*?)\)/)[1];
+	const parts = componentName.split('(');
+	return parts[parts.length - 1].replaceAll(')', '');
 }
 
 /**