CVE-2026-25048: xgrammar vulnerable to DoS via multi-layer nesting

March 5, 2026

The multi-level nested syntax caused a segmentation fault (core dump).

References

github.com/advisories/GHSA-7rgv-gqhr-fxg3
github.com/mlc-ai/xgrammar
github.com/mlc-ai/xgrammar/releases/tag/v0.1.32
github.com/mlc-ai/xgrammar/security/advisories/GHSA-7rgv-gqhr-fxg3
nvd.nist.gov/vuln/detail/CVE-2026-25048

Code Behaviors & Features

Detect and mitigate CVE-2026-25048 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →