CVE-2026-25048

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-25048

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25048.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-25048

Aliases

GHSA-7rgv-gqhr-fxg3

Related

CGA-896f-hfmj-gc44

Published

2026-03-05T15:34:42.095Z

Modified

2026-04-10T05:39:50.872422Z

Severity

8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

xgrammar: Multi-layer nesting causes DoS

Details

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault (core dumped). This issue has been patched in version 0.1.32.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-674"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25048.json"
}

References

Affected packages

Git / github.com/mlc-ai/xgrammar

Affected ranges

Type: GIT
Repo: https://github.com/mlc-ai/xgrammar
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

62e13551b9b63251114894c5ee638564b160dd48

Affected versions

v0.*

v0.1.10

v0.1.11

v0.1.12

v0.1.13

v0.1.14

v0.1.15

v0.1.16

v0.1.18

v0.1.19

v0.1.21

v0.1.22

v0.1.23

v0.1.24

v0.1.25

v0.1.26

v0.1.27

v0.1.28

v0.1.29

v0.1.30

v0.1.31

v0.1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25048.json"