CVE-2026-40319— Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40319
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check
Source: NVD (National Vulnerability Database)
Vulnerability Description
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking, causing the process to hang indefinitely. Exploitation requires write access to a check definition and subsequent execution of the test suite. This issue has been fixed in giskard-checks version 1.0.2b1.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1333
Source: NVD (National Vulnerability Database)
Vulnerability Title
Giskard 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Giskard是Giskard开源的一个人工智能系统的评估与测试框架。 Giskard 1.0.2b1之前版本存在安全漏洞,该漏洞源于将用户提供的正则表达式直接传递给re.search函数,可能导致正则表达式拒绝服务攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Giskard-AI | giskard-oss | < 1.0.2b1 | - |
II. Public POCs for CVE-2026-40319
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40319
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same weakness: CWE-1333
- CVE-2026-33079
Mistune ReDoS in LINK_TITLE_RE allows denial of service with - CVE-2026-41040
GROWI 安全漏洞 - CVE-2026-5986
Zod jsVideoUrlParser util.js getTime redos - CVE-2026-35041
ReDoS in fast-jwt when using RegExp in allowed* leading to C - CVE-2026-35611
Addressable has a Regular Expression Denial of Service in Ad
V. Comments for CVE-2026-40319
No comments yet