Browse all 4 CVE security advisories affecting mlc-ai. AI-powered Chinese analysis, POCs, and references for each vulnerability.
MLC-AI is a machine learning compiler framework optimizing AI models for deployment across hardware platforms. Historically, it has been susceptible to remote code execution and cross-site scripting vulnerabilities due to unsafe input handling in its compilation pipeline. The framework has also faced privilege escalation issues through improper access controls in its runtime environment. With four CVEs documented, these vulnerabilities primarily stem from insufficient input validation and insecure default configurations. While no major public security incidents have been reported, the consistent pattern of memory corruption flaws suggests potential for significant exploitation if unaddressed.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25048 | xgrammar: Multi-layer nesting causes DoS — xgrammarCWE-674 | 7.5 | - | 2026-03-05 |
| CVE-2025-58446 | xgrammar vulnerable to denial of service by huge enum grammar — xgrammarCWE-770 | 7.5AI | HighAI | 2025-09-06 |
| CVE-2025-57809 | XGrammar affected by Denial of Service by infinite recursion grammars — xgrammarCWE-674 | 6.5AI | MediumAI | 2025-08-25 |
| CVE-2025-32381 | Denial of Service by abusing xgrammar unbounded cache in memory — xgrammarCWE-770 | 6.5 | Medium | 2025-04-09 |
This page lists every published CVE security advisory associated with mlc-ai. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.