
60 matches found

Veracode
added 2026/03/07 5:14 a.m. | 5 views

Denial Of Service (DoS)

xgrammar is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of multi-level nested syntax, which can trigger a segmentation fault and crash the application...

8.7 CVSS | 5.8 AI score | 0.00421 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Snyk
added 2026/03/05 7:15 p.m. | 3 views

Uncontrolled Recursion

Overview: xgrammar is an Efficient, Flexible and Portable Structured Generation. Affected versions of this package are vulnerable to Uncontrolled Recursion through the handling of multi-level nested grammar rules. An attacker can cause a segmentation fault and crash the application by submitting...

8.7 CVSS | 5.8 AI score | 0.00421 EPSS
Exploits: 1 | References: 2

vulnersOsv
added 2026/03/05 6:20 p.m. | 3 views

ado-vllm-performance (>=1.2.2 <=1.3.3), agentclinic (=0.1.0) +73 more potentially affected by CVE-2026-25048 via xgrammar (>=0.1.11 <=0.1.29)

xgrammar PYPI version =0.1.11, =1.2.2, =0.0.0, =2.3.5, =0.8.4, =0.2.2, =0.2.0, =0.1.0, =1.0.1rc1, =0.0.2, =0.1.1, =0.1.1, =0.0.2, =0.1.0 and more Source cves: CVE-2026-25048 Source advisory: OSV:GHSA-7RGV-GQHR-FXG3...

8.7 CVSS | 7.6 AI score | 0.00421 EPSS
Exploits: 1

OSV
added 2026/03/05 6:20 p.m. | 3 views

GHSA-7RGV-GQHR-FXG3 xgrammar vulnerable to DoS via multi-layer nesting

Summary: The multi-level nested syntax caused a segmentation fault core dump. Details: A trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses. PoC: #!/usr/bin/env python3 """ XGrammar - Math Expression Generatio...

8.7 CVSS | 5.9 AI score | 0.00421 EPSS
Exploits: 1 | References: 4

Github Security Blog
added 2026/03/05 6:20 p.m. | 7 views

xgrammar vulnerable to DoS via multi-layer nesting

Summary: The multi-level nested syntax caused a segmentation fault core dump. Details: A trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses. PoC: #!/usr/bin/env python3 """ XGrammar - Math Expression Generatio...

8.7 CVSS | 5.9 AI score | 0.00421 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2026/03/05 4:16 p.m. | 7 views

CVE-2026-25048

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault core dumped. This issue has been patched in version 0.1.32...

8.7 CVSS | 0.00421 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2026/03/05 3:34 p.m. | 3 views

CVE-2026-25048 xgrammar: Multi-layer nesting causes DoS

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault core dumped. This issue has been patched in version 0.1.32...

8.7 CVSS | 5.8 AI score | 0.00421 EPSS
Exploits: 1 | References: 2

Cvelist
added 2026/03/05 3:34 p.m. | 28 views

CVE-2026-25048 xgrammar: Multi-layer nesting causes DoS

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault core dumped. This issue has been patched in version 0.1.32...

8.7 CVSS | 0.00421 EPSS
Exploits: 1 | References: 2

ATTACKERKB
added 2026/03/05 3:34 p.m. | 4 views

CVE-2026-25048

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault core dumped. This issue has been patched in version 0.1.32...

8.7 CVSS | 5.8 AI score | 0.00421 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2026/03/05 3:34 p.m. | 22 views

CVE-2026-25048

CVE-2026-25048 affects xgrammar prior to v0.1.32, where a multi-level nested syntax causes a segmentation fault (core dumped). The issue is fixed in v0.1.32. According to the provided metrics, the exposure is high impact to availability, with no impact on confidentiality or integrity. No exploit ...

8.7 CVSS | 5.8 AI score | 0.00421 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/03/05 3:34 p.m. | 7 views

CVE-2026-25048 xgrammar: Multi-layer nesting causes DoS

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault core dumped. This issue has been patched in version 0.1.32...

8.7 CVSS | 5.7 AI score | 0.00421 EPSS
Exploits: 1 | References: 4

CNNVD
added 2026/03/05 12:00 a.m. | 6 views

XGrammar Security Vulnerability

XGrammar is a fast, flexible, and portable structured generation tool open-sourced by mlc-ai. Versions of XGrammar before 0.1.32 have a security vulnerability, which is caused by multi-level nested syntax leading to segmentation errors...

8.7 CVSS | 5.8 AI score | 0.00421 EPSS
Exploits: 1 | References: 3

Veracode
added 2025/10/10 5:21 a.m. | 6 views

Denial Of Service (DoS)

xgrammar is vulnerable to Denial of Service (DoS). The vulnerability is due to a regression in the Earley parser, which causes excessive processing time for valid grammar inputs, allowing an attacker to exploit this inefficiency to trigger denial of service through resource exhaustion...

7.5 CVSS | 6.5 AI score | 0.00495 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-10549

Malicious code in bioql PyPI...

6.5 CVSS | 6.5 AI score | 0.00409 EPSS
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-28633

Malicious code in bioql PyPI...

8.7 CVSS | 6.3 AI score | 0.00436 EPSS
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-29404

Malicious code in bioql PyPI...

6.6 AI score
Exploits: 0 | References: 5

Veracode
added 2025/09/19 3:03 p.m. | 4 views

Improper Input Validation

xgrammar is vulnerable to improper input validation. The vulnerability is due to the lack of validation on user-supplied grammars, which allows an attacker to easily trigger the flaw and potentially exploit affected tools that pass untrusted grammars to xgrammar...

8.7 CVSS | 7 AI score | 0.00436 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2025/09/08 7:14 p.m. | 10 views

CVE-2025-58446

xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars 100k characters at very low rates, and can be used for DOS of model providers. This issue is fixed in version 0.1.24. Mitigation Upgrad...

7.5 CVSS | 6.5 AI score | 0.00495 EPSS
Exploits: 1 | References: 5

Snyk
added 2025/09/06 7:42 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: xgrammar is an Efficient, Flexible and Portable Structured Generation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to wrong boundary check in the Earley parser. An attacker can cause resource exhaustion and disrupt service...

7.5 CVSS | 6.7 AI score | 0.00495 EPSS
Exploits: 1 | References: 2

vulnersOsv
added 2025/09/06 7:42 p.m. | 2 views

agentics-py (>=0.0.0 <=0.0.5), caption-flow (>=0.1.0 <=0.4.2) +9 more potentially affected by CVE-2025-58446 via xgrammar (=0.1.23)

xgrammar PYPI version =0.1.23 is affected by a known vulnerability. The following packages have a transitive dependency on xgrammar and may be impacted: - agentics-py =0.0.0, =0.1.0, =1.0.1rc1, =0.0.4, =1.0.0, =0.1.1, =0.2.0, =0.9.2.post1, =0.10.0 Source cves: CVE-2025-58446 Source advisory:...

7.5 CVSS | 5.8 AI score | 0.00495 EPSS
Exploits: 1