216.73.217.64

CVE-2026-40319

· Published 17/04/2026 18:16 · Modified 17/04/2026 19:01

Labels: CVE-2026-40319 2026-04-17CVE-2026-40319CWE-1333[email protected]

Essential information

Published
17/04/2026 18:16
Modified
17/04/2026 19:01
Author
Creator
CVSS
1.0 LOW (v3) 1.0 LOW (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking, causing the process to hang indefinitely. Exploitation requires write access to a check definition and subsequent execution of the test suite. This issue has been fixed in giskard-checks version 1.0.2b1.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
giskard / giskard-checks cpe:2.3:a:giskard:giskard-checks:<1.0.2b1:*:*:*:*:*:*:*

References