PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-25048 mlc-ai CVE debrief

CVE-2026-25048 is a high-severity vulnerability in the xgrammar open-source library. Multi-level nested syntax causes a segmentation fault (core dumped). The issue is patched in xgrammar 0.1.32, and users of the library are advised to update to the latest version. The Common Vulnerability Scoring System (CVSS) score is 8.7, which rates as high severity.

Vendor: mlc-ai
Product: xgrammar
CVSS: HIGH 8.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-05
Original CVE updated: 2026-06-30
Advisory published: 2026-03-05
Advisory updated: 2026-06-30

Who should care

Developers and users of the xgrammar open-source library should be aware of this vulnerability and take steps to mitigate it. This includes updating to version 0.1.32 or later of the library. Additionally, organizations using the xgrammar library in their products or services should assess the potential impact of this vulnerability on their systems and take appropriate measures to protect against it.

Technical summary

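The xgrammar open-source library, prior to version 0.1.32, is vulnerable to a segmentation fault (core dumped) due to a multi-level nested syntax issue. An attacker can exploit this to cause a denial-of-service (DoS) condition. The vulnerability has been patched in version 0.1.32 of the library. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. Read metric by metric, the base vector describes a network-reachable issue (AV:N) with low attack complexity (AC:L) that needs no privileges (PR:N) and no user interaction (UI:N). The only impact is a high loss of availability on the vulnerable system (VA:H): confidentiality and integrity are unaffected (VC:N/VI:N) and there is no subsequent-system impact (SC:N/SI:N/SA:N). All threat, environmental and supplemental metrics are Not Defined (X).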

Defensive priority

High

Recommended defensive actions

  • Update to version 0.1.32 or later of the xgrammar library
  • Assess the potential impact of this vulnerability on systems using the xgrammar library
  • Implement compensating controls to protect against exploitation
  • Monitor systems for signs of exploitation
  • Review and update incident response plans to address this vulnerability
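An added example for the first action in the list above (not code from PatchSiren or from the xgrammar project): it flags xgrammar versions older than 0.1.32 in `pip freeze`-style text and in the running Python environment. The function names and the sample lines are constructed for illustration, and it assumes the library is installed as the Python distribution named `xgrammar`.

```python
import re
from importlib import metadata

FIXED = (0, 1, 32)  # first patched xgrammar release, per this advisory

def classify(version):
    """Return 'vulnerable', 'patched' or 'review' for one version string."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)$", version.strip())
    if not m:
        return "review"
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (len(FIXED) - len(release))  # "0.1" -> (0, 1, 0)
    if release < FIXED:  # numeric compare, so 0.1.9 sorts before 0.1.32
        return "vulnerable"
    # A pre-release of 0.1.32 may lack the fix: send it to manual review.
    pre = re.match(r"[._-]?(dev|alpha|beta|rc|pre|a|b|c)\.?\d", m.group(2).lower())
    return "review" if release == FIXED and pre else "patched"

def audit_freeze(text):
    """Scan `pip freeze`-style lines; return (line, verdict) per xgrammar entry."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9._-]+)\s*(.*)$", line)
        # PEP 503 normalization: case-insensitive, "-", "_" and "." equivalent
        if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "xgrammar":
            continue
        pin = re.match(r"==\s*([^\s;]+)", m.group(2))
        # Ranges and VCS/URL installs cannot be judged from the text alone.
        findings.append((line, classify(pin.group(1)) if pin else "review"))
    return findings

def audit_installed():  # verdict for the running environment
    try:
        return classify(metadata.version("xgrammar"))
    except metadata.PackageNotFoundError:
        return "absent"

# Constructed sample input, not taken from any real environment.
SAMPLE = """\
numpy==1.26.4
xgrammar==0.1.31
XGrammar==0.1.9
xgrammar==0.1.32
xgrammar==0.1.32rc1
xgrammar>=0.1.25
"""

if __name__ == "__main__":
    print(audit_freeze(SAMPLE), "installed:", audit_installed())
```

Entries marked `review` (version ranges, URL installs, pre-releases of 0.1.32) need a look at the resolved version in the actual environment.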

Evidence notes

CVE-2026-25048 was publicly disclosed on March 5, 2026, and was modified on June 30, 2026. The vulnerability has a CVSS score of 8.7, indicating a high level of severity. The xgrammar library is used in various products and services, and users should take steps to mitigate this vulnerability.

This article is AI-assisted and based on the supplied source corpus.