PyPI: xgrammar
CVE-2026-25048
Safety vulnerability ID: SFTY-20260305-47265
Safety legacy ID: pyup.io-88435
Overview
xgrammar vulnerable to DoS via multi-layer nesting
Advisory
Affected versions of the xgrammar package are vulnerable to Denial of Service (DoS) due to uncontrolled recursion and resource consumption when parsing deeply nested grammar rules. The vulnerability exists in GrammarCompiler.compile_grammar, which processes attacker-supplied grammar definitions and can be driven into a stack overflow or memory exhaustion by a malicious rule containing approximately 30,000 layers of nested parentheses.
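One practical defence at the boundary where untrusted grammar text enters the service is to bound its nesting depth before it ever reaches a recursive compiler. The following is an added example, not code from the xgrammar project or from this advisory: it scans the grammar text iteratively (so the check itself cannot be exhausted by depth), ignores parentheses inside "..." string literals and [...] character classes because there they are data rather than grouping, and rejects anything deeper than a policy limit. The limit of 256 and the function names are assumptions chosen for illustration.

```python
# Added example, not xgrammar project code: a pre-compilation check that bounds
# the parenthesis nesting depth of an attacker-supplied grammar before it is
# handed to a recursive parser such as GrammarCompiler.compile_grammar.
# The scan is a flat loop over the text, so the checker cannot itself be driven
# into deep recursion. Parentheses inside "..." string literals and [...]
# character classes are ignored because there they are literal data.
# DEFAULT_MAX_DEPTH is an assumed policy value, not a limit taken from xgrammar.

DEFAULT_MAX_DEPTH = 256  # assumption: tune to the deepest grammar you legitimately need


class GrammarTooDeep(ValueError):
    """Raised when a grammar nests grouping parentheses deeper than policy allows."""


def max_paren_depth(grammar: str) -> int:
    """Return the deepest level of grouping parentheses in an EBNF-style grammar text."""
    depth = 0
    deepest = 0
    mode = "rule"      # one of "rule", "string", "class"
    escaped = False
    for ch in grammar:
        if mode == "rule":
            if ch == '"':
                mode = "string"
            elif ch == "[":
                mode = "class"
            elif ch == "(":
                depth += 1
                deepest = max(deepest, depth)
            elif ch == ")":
                depth = max(depth - 1, 0)  # tolerate an unbalanced ')' without going negative
        else:
            # Inside a literal: honour backslash escapes so '\"' or '\]' does not end it.
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif (mode == "string" and ch == '"') or (mode == "class" and ch == "]"):
                mode = "rule"
    return deepest


def check_grammar_nesting(grammar: str, max_depth: int = DEFAULT_MAX_DEPTH) -> int:
    """Return the nesting depth, or raise GrammarTooDeep if it exceeds max_depth."""
    depth = max_paren_depth(grammar)
    if depth > max_depth:
        raise GrammarTooDeep(f"grammar nests {depth} levels deep; limit is {max_depth}")
    return depth


def is_safe_to_compile(grammar: str, max_depth: int = DEFAULT_MAX_DEPTH) -> bool:
    """Boolean form of the same check, convenient at a request-handling boundary."""
    try:
        check_grammar_nesting(grammar, max_depth)
    except GrammarTooDeep:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample grammars, not taken from any real deployment.
    benign = 'root ::= ("a" | ("b" | [()]))+ "(" root ")"'
    hostile = "root ::= " + "(" * 30_000 + '"x"' + ")" * 30_000
    print("benign depth:", check_grammar_nesting(benign))   # 2
    print("hostile accepted:", is_safe_to_compile(hostile))  # False
```

Run the check on every grammar received from a client and only call the compiler when it passes; a size cap on the grammar text alongside the depth cap closes the memory-exhaustion side of the same problem.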
Vulnerable Functions
- GrammarCompiler.compile_grammar
References
- https://getsafety.com/vulnerabilities/SFTY-20260305-47265/CVE-2026-25048
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25048
- https://github.com/advisories/GHSA-7rgv-gqhr-fxg3
- https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-7rgv-gqhr-fxg3
- https://github.com/mlc-ai/xgrammar/releases/tag/v0.1.32
- https://nvd.nist.gov/vuln/detail/CVE-2026-25048
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.