PatchSiren cyber security CVE debrief
CVE-2026-25048 mlc-ai CVE debrief
CVE-2026-25048 is a high-severity vulnerability in the xgrammar open-source library. Multi-level nested syntax triggers a segmentation fault (core dumped). The vulnerability has been patched in version 0.1.32 of the xgrammar library, and users of the library are advised to update to the latest version to mitigate it. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 8.7, indicating a high level of severity.
- Vendor: mlc-ai
- Product: xgrammar
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-05
- Original CVE updated: 2026-06-30
- Advisory published: 2026-03-05
- Advisory updated: 2026-06-30
Who should care
Developers and users of the xgrammar open-source library should be aware of this vulnerability and take steps to mitigate it. This includes updating to version 0.1.32 or later of the library. Additionally, organizations using the xgrammar library in their products or services should assess the potential impact of this vulnerability on their systems and take appropriate measures to protect against it.
Technical summary
The xgrammar open-source library, prior to version 0.1.32, is vulnerable to a segmentation fault (core dumped) due to a multi-level nested syntax issue. This vulnerability can be exploited by an attacker to cause a denial-of-service (DoS) condition. The vulnerability has been patched in version 0.1.32 of the library. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
High
Recommended defensive actions
- Update to version 0.1.32 or later of the xgrammar library
- Assess the potential impact of this vulnerability on systems using the xgrammar library
- Implement compensating controls to protect against exploitation
- Monitor systems for signs of exploitation
- Review and update incident response plans to address this vulnerability
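As an added example (not code from the xgrammar project or from this advisory's sources), the following sketch audits requirements-style dependency lines for xgrammar pins that still admit a release older than 0.1.32, and checks the installed distribution. The function names, verdict labels and sample lines are assumptions made for illustration; range checks are deliberately conservative.

```python
import re
from importlib import metadata

FIXED = (0, 1, 32)  # first patched xgrammar release, per the advisory above

# "xgrammar" as a whole package name, optional extras, then the specifier text.
REQ_RE = re.compile(r"^\s*xgrammar(?![\w.-])\s*(?:\[[^\]]*\])?([^#;]*)", re.I)
SPEC_RE = re.compile(r"(===|==|~=|>=|<=|!=|<|>)\s*(\d+(?:\.\d+)*)")

def parse_version(text):
    """'0.1.31' -> (0, 1, 31). Only the numeric release segment is compared."""
    nums = [int(n) for n in re.match(r"\d+(?:\.\d+)*", text).group().split(".")]
    return tuple(nums[:3] + [0] * (3 - len(nums)))

def is_patched(version):
    return parse_version(version) >= FIXED

def classify(line):
    """Return None for unrelated lines, else a verdict for an xgrammar requirement."""
    m = REQ_RE.match(line)
    if not m:
        return None
    specs = SPEC_RE.findall(m.group(1))
    if not specs:
        return "unpinned"  # resolver may pick any release; pin it
    for op, ver in specs:
        if op in ("==", "==="):
            return "ok" if is_patched(ver) else "vulnerable"
    # Ranges: safe only if a lower bound already excludes pre-fix releases.
    if any(op in (">=", "~=") and is_patched(ver) for op, ver in specs):
        return "ok"
    return "allows-vulnerable"

def audit(lines):
    """Return (line_number, verdict) for each xgrammar requirement found."""
    return [(i, v) for i, l in enumerate(lines, 1) if (v := classify(l))]

def installed_status():
    """Check the xgrammar distribution in the current environment, if any."""
    try:
        return "ok" if is_patched(metadata.version("xgrammar")) else "vulnerable"
    except metadata.PackageNotFoundError:
        return "not-installed"

# Constructed sample requirements lines (not taken from any real project).
SAMPLE = ["torch==2.3.0", "xgrammar==0.1.31  # pinned", "xgrammar>=0.1.20,<0.2",
          "xgrammar~=0.1.32", "xgrammar", "xgrammar-tools==0.0.1"]

if __name__ == "__main__":
    print(audit(SAMPLE), installed_status())
```

Lines reported as "allows-vulnerable" or "unpinned" are worth tightening to `xgrammar>=0.1.32` so a fresh resolve cannot pull a pre-fix release.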
Evidence notes
CVE-2026-25048 was publicly disclosed on March 5, 2026, and was modified on June 30, 2026. The vulnerability has a CVSS score of 8.7, indicating a high level of severity. The xgrammar library is used in various products and services, and users should take steps to mitigate this vulnerability.
Official resources
- CVE-2026-25048 CVE record (CVE.org)
- CVE-2026-25048 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Release Notes
- Mitigation or vendor reference: [email protected] - Exploit, Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.