{"id":"CVE-2026-25048","summary":"xgrammar: Multi-layer nesting causes DoS","details":"xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault (core dumped). This issue has been patched in version 0.1.32.","aliases":["GHSA-7rgv-gqhr-fxg3"],"modified":"2026-04-10T05:39:50.872422Z","published":"2026-03-05T15:34:42.095Z","related":["CGA-896f-hfmj-gc44"],"database_specific":{"cwe_ids":["CWE-674"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25048.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/mlc-ai/xgrammar/releases/tag/v0.1.32"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25048.json"},{"type":"ADVISORY","url":"https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-7rgv-gqhr-fxg3"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25048"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mlc-ai/xgrammar","events":[{"introduced":"0"},{"fixed":"62e13551b9b63251114894c5ee638564b160dd48"}]}],"versions":["v0.1.10","v0.1.11","v0.1.12","v0.1.13","v0.1.14","v0.1.15","v0.1.16","v0.1.18","v0.1.19","v0.1.21","v0.1.22","v0.1.23","v0.1.24","v0.1.25","v0.1.26","v0.1.27","v0.1.28","v0.1.29","v0.1.30","v0.1.31","v0.1.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25048.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}]}