CVE-2026-40319
Catastrophic Backtracking in Giskard RegexMatching Causes Hang
Publication date: 2026-04-17
Last updated on: 2026-04-24
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| giskard | giskard | < 1.0.2 (1.0.2 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1333 | The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Giskard open-source testing framework for AI models, specifically in versions prior to 1.0.2b1. The issue is in the RegexMatching check, which takes a user-supplied regular expression pattern and passes it directly to Python's re.search() function without any timeout or complexity safeguards.
A maliciously crafted regex pattern can cause catastrophic backtracking, which leads to the process hanging indefinitely. To exploit this vulnerability, an attacker needs write access to a check definition and must then execute the test suite.
This vulnerability has been fixed in giskard-checks version 1.0.2b1.
How can this vulnerability impact me?
The primary impact of this vulnerability is that an attacker with write access to a check definition can cause the testing process to hang indefinitely by supplying a crafted regex pattern. This can lead to denial of service conditions where the test suite becomes unresponsive.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade giskard-checks to version 1.0.2b1 or later, where the issue has been fixed.
Additionally, restrict write access to check definitions to prevent untrusted users from supplying malicious regular expressions.
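As an added illustration of the missing safeguard described above (this is not code from the Giskard project), the following pre-flight validator inspects a check's pattern with Python's own regex parser and rejects patterns with nested unbounded quantifiers, the classic shape behind catastrophic backtracking, before anything reaches re.search(). The length cap, the "wide repeat" threshold and the function names are assumptions made for the example.

```python
"""Pre-flight validation for user-supplied regex patterns (added example)."""
import re
try:                                  # Python 3.11+ moved the parser to re._parser
    from re import _parser as sre_parse
except ImportError:                   # older interpreters ship it as sre_parse
    import sre_parse

MAX_PATTERN_LEN = 256   # assumed cap: overly long check patterns are rejected outright
WIDE_REPEAT = 10        # assumed threshold: a repeat allowing >= 10 copies counts as "wide"

# Quantifier opcodes; POSSESSIVE_REPEAT only exists on newer interpreters.
_REPEAT_OPS = tuple(
    op for op in (getattr(sre_parse, n, None)
                  for n in ("MAX_REPEAT", "MIN_REPEAT", "POSSESSIVE_REPEAT"))
    if op is not None)


def _nested_wide_repeats(node, depth=0):
    """Deepest nesting of wide quantifiers under node, e.g. (a+)+ gives 2.

    MAXREPEAT (unbounded) is a huge integer, so '+', '*' and '{n,}' all count."""
    deepest = depth
    for op, av in node:                      # every parsed item is (opcode, argument)
        if op in _REPEAT_OPS:
            _lo, hi, sub = av
            deepest = max(deepest, _nested_wide_repeats(
                sub, depth + (1 if hi >= WIDE_REPEAT else 0)))
        elif op == sre_parse.SUBPATTERN:     # (...) and (?:...) groups
            deepest = max(deepest, _nested_wide_repeats(av[-1], depth))
        elif op == sre_parse.BRANCH:         # a|b alternatives
            for alt in av[1]:
                deepest = max(deepest, _nested_wide_repeats(alt, depth))
        elif op in (sre_parse.ASSERT, sre_parse.ASSERT_NOT):   # lookaround bodies
            deepest = max(deepest, _nested_wide_repeats(av[1], depth))
    return deepest


def validate_pattern(pattern):
    """Return (ok, reason); ok=False means the pattern must not reach re.search()."""
    if len(pattern) > MAX_PATTERN_LEN:
        return False, "pattern too long"
    try:
        tree = sre_parse.parse(pattern)      # parse only, no matching happens here
    except re.error as exc:
        return False, "invalid regex: %s" % exc
    if _nested_wide_repeats(tree) >= 2:
        return False, "nested unbounded quantifiers (possible catastrophic backtracking)"
    return True, "ok"


def safe_regex_matching(pattern, text):
    """Guarded stand-in for a RegexMatching-style check: validate, then search."""
    ok, reason = validate_pattern(pattern)
    if not ok:
        raise ValueError("rejected check pattern: " + reason)
    return re.search(pattern, text) is not None
```

The nesting rule is a heuristic: it catches the `(a+)+` family but not every slow pattern (for instance overlapping alternation inside a repeat), so it complements, rather than replaces, restricting who may edit check definitions.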