Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-25048

Опубликовано: 05 мар. 2026
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault (core dumped). This issue has been patched in version 0.1.32.

A flaw was found in xgrammar, an open-source library for structured generation. This vulnerability allows an attacker to trigger a segmentation fault, causing the program to crash and resulting in a Denial of Service (DoS). The issue occurs due to improper handling of multi-level nested syntax.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat AI Inference Serverrhaiis-preview/vllm-cuda-rhel9Affected
Red Hat AI Inference Serverrhaiis/vllm-cuda-rhel9Affected
Red Hat AI Inference Serverrhaiis/vllm-rocm-rhel9Affected
Red Hat AI Inference Serverrhaiis/vllm-tpu-rhel9Affected
Red Hat Enterprise Linux AI (RHEL AI) 3rhelai3/bootc-aws-cuda-rhel9Affected
Red Hat Enterprise Linux AI (RHEL AI) 3rhelai3/bootc-azure-cuda-rhel9Affected
Red Hat Enterprise Linux AI (RHEL AI) 3rhelai3/bootc-cuda-rhel9Affected
Red Hat Enterprise Linux AI (RHEL AI) 3rhelai3/bootc-gcp-cuda-rhel9Affected
Red Hat OpenShift AI (RHOAI)rhoai/odh-kserve-agent-rhel9Affected
Red Hat OpenShift AI (RHOAI)rhoai/odh-kserve-controller-rhel9Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-674
https://bugzilla.redhat.com/show_bug.cgi?id=2444840xgrammar: xgrammar: Denial of Service via multi-level nested syntax

EPSS

Процентиль: 16%
0.00052
Низкий

7.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2026-25048

CVSS3: 7.5
nvd
23 дня назад

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault (core dumped). This issue has been patched in version 0.1.32.

debian логотип

CVE-2026-25048

CVSS3: 7.5
debian
23 дня назад

xgrammar is an open-source library for efficient, flexible, and portab ...

github логотип

GHSA-7rgv-gqhr-fxg3

github
23 дня назад

xgrammar vulnerable to DoS via multi-layer nesting

EPSS

Процентиль: 16%
0.00052
Низкий

7.5 High

CVSS3