High severityNVD Advisory· Published Mar 5, 2026· Updated Mar 5, 2026
xgrammar: Multi-layer nesting causes DoS
CVE-2026-25048
Description
xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault (core dumped). This issue has been patched in version 0.1.32.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
xgrammarPyPI | < 0.1.32 | 0.1.32 |
Affected products
7- osv-coords6 versionspkg:apk/chainguard/py3.10-vllm-cuda-12.4pkg:apk/chainguard/py3.12-vllm-cuda-12.4pkg:apk/chainguard/tritonserver-backend-vllm-cuda-12.9pkg:apk/chainguard/tritonserver-backend-vllm-cuda-13.0pkg:apk/chainguard/vllm-openai-cuda-12.9pkg:pypi/xgrammar
< 0.17.1-r1+ 5 more
- (no CPE)range: < 0.17.1-r1
- (no CPE)range: < 0.17.1-r1
- (no CPE)range: < 25.9.0_git20260318-r0
- (no CPE)range: < 25.11-r3
- (no CPE)range: < 0.19.0-r0
- (no CPE)range: < 0.1.32
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-7rgv-gqhr-fxg3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-25048ghsaADVISORY
- github.com/mlc-ai/xgrammar/releases/tag/v0.1.32ghsax_refsource_MISCWEB
- github.com/mlc-ai/xgrammar/security/advisories/GHSA-7rgv-gqhr-fxg3ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.