NIXPKGS-2026-0525

GitHub issue published on

Permalink CVE-2026-25048

updated 1 month, 2 weeks ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 2 weeks ago
@LeSuisse accepted 1 month, 2 weeks ago
@LeSuisse published on GitHub 1 month, 2 weeks ago

xgrammar: Multi-layer nesting causes DoS

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault (core dumped). This issue has been patched in version 0.1.32.

References

https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-7rgv-gqhr-fxg3 x_refsource_CONFIRM
https://github.com/mlc-ai/xgrammar/releases/tag/v0.1.32 x_refsource_MISC

Affected products

xgrammar

==< 0.1.32

Matching in nixpkgs

pkgs.python312Packages.xgrammar

Efficient, Flexible and Portable Structured Generation

nixos-25.11 0.1.24
- nixos-25.11-small 0.1.24
- nixpkgs-25.11-darwin 0.1.24

pkgs.python313Packages.xgrammar

Efficient, Flexible and Portable Structured Generation

nixos-unstable 0.1.31
- nixpkgs-unstable 0.1.31
- nixos-unstable-small 0.1.31
nixos-25.11 0.1.24
- nixos-25.11-small 0.1.24
- nixpkgs-25.11-darwin 0.1.24

pkgs.python314Packages.xgrammar

Efficient, Flexible and Portable Structured Generation

nixos-unstable 0.1.31
- nixpkgs-unstable 0.1.31
- nixos-unstable-small 0.1.31

pkgs.pkgsRocm.python3Packages.xgrammar

Efficient, Flexible and Portable Structured Generation

nixos-unstable 0.1.31
- nixpkgs-unstable 0.1.31
- nixos-unstable-small 0.1.31
nixos-25.11 0.1.24
- nixos-25.11-small 0.1.24
- nixpkgs-25.11-darwin 0.1.24

Upstream advisory: https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-7rgv-gqhr-fxg3

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0525

References

Affected products

Matching in nixpkgs

pkgs.python312Packages.xgrammar

pkgs.python313Packages.xgrammar

pkgs.python314Packages.xgrammar

pkgs.pkgsRocm.python3Packages.xgrammar