62 matches found
CVE-2026-55574 vLLM: ReDoS via structured_outputs.regex compiled without timeout in xgrammar and outlines backends
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structuredoutputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the stri...
CVE-2026-55574 vLLM: ReDoS via structured_outputs.regex compiled without timeout in xgrammar and outlines backends
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structuredoutputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the stri...
Denial Of Service (DoS)
xgrammar is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of multi-level nested syntax, which can trigger a segmentation fault and crash the application...
Uncontrolled Recursion
Overview xgrammar is an Efficient, Flexible and Portable Structured Generation Affected versions of this package are vulnerable to Uncontrolled Recursion through the handling of multi-level nested grammar rules. An attacker can cause a segmentation fault and crash the application by submitting...
ado-vllm-performance (>=1.2.2 <=1.3.3), agentclinic (=0.1.0) +73 more potentially affected by CVE-2026-25048 via xgrammar (>=0.1.11 <=0.1.29)
xgrammar PYPI version =0.1.11, =1.2.2, =0.0.0, =2.3.5, =0.8.4, =0.2.2, =0.2.0, =0.1.0, =1.0.1rc1, =0.0.2, =0.1.1, =0.1.1, =0.0.2, =0.1.0 and more Source cves: CVE-2026-25048 Source advisory: OSV:GHSA-7RGV-GQHR-FXG3...
xgrammar vulnerable to DoS via multi-layer nesting
Summary The multi-level nested syntax caused a segmentation fault core dump. Details A trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses. PoC !/usr/bin/env python3 """ XGrammar - Math Expression Generatio...
GHSA-7RGV-GQHR-FXG3 xgrammar vulnerable to DoS via multi-layer nesting
Summary The multi-level nested syntax caused a segmentation fault core dump. Details A trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses. PoC !/usr/bin/env python3 """ XGrammar - Math Expression Generatio...
CVE-2026-25048
xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault core dumped. This issue has been patched in version 0.1.32...
CVE-2026-25048 xgrammar: Multi-layer nesting causes DoS
xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault core dumped. This issue has been patched in version 0.1.32...
CVE-2026-25048 xgrammar: Multi-layer nesting causes DoS
xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault core dumped. This issue has been patched in version 0.1.32...
CVE-2026-25048
CVE-2026-25048 affects xgrammar prior to v0.1.32, where a multi-level nested syntax causes a segmentation fault (core dumped). The issue is fixed in v0.1.32. According to the provided metrics, the exposure is high impact to availability, with no impact on confidentiality or integrity. No exploit ...
CVE-2026-25048
xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault core dumped. This issue has been patched in version 0.1.32...
CVE-2026-25048 xgrammar: Multi-layer nesting causes DoS
xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault core dumped. This issue has been patched in version 0.1.32...
XGrammar 安全漏洞
XGrammar is a fast, flexible, and portable structured generation tool open source by mlc-ai. Versions of XGrammer before 0.1.32 have security vulnerabilities, which are caused by multi-level nested syntax leading to segmentation errors...
Denial Of Service (DoS)
xgrammar is vulnerable to Denial Of Service DoS. The vulnerability is due to a regression in the Earley parser, which causes excessive processing time for valid grammar inputs, allowing an attacker to exploit this inefficiency to trigger denial of service through resource exhaustion...
EUVD-2025-29404
Malicious code in bioql PyPI...
EUVD-2025-28633
Malicious code in bioql PyPI...
EUVD-2025-10549
Malicious code in bioql PyPI...
Improper Input Validation
xgrammar is vulnerable to improper input validation. The vulnerability is due to the lack of validation on user-supplied grammars, which allows an attacker to easily trigger the flaw and potentially exploit affected tools that pass untrusted grammars to xgrammar...
CVE-2025-58446
xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars 100k characters at very low rates, and can be used for DOS of model providers. This issue is fixed in version 0.1.24. Mitigation Upgrad...