CVE-2026-40319 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression patte…
Low CVSS: 1.0

CVE-2026-40319

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking, causing the process to hang indefinitely. Exploitation requires write access to a check definition and subsequent execution of the test suite. This issue has been fixed in giskard-checks version 1.0.2b1.
Vendor
-
Product
-
CWE
CWE-1333
Yayın Tarihi
2026-04-17 18:16:32
Güncelleme
2026-04-17 19:01:56
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-1333 LOW 2026

Referanslar

https://github.com/Giskard-AI/giskard-oss/releases/tag/giskard-checks%2Fv1.0.2b1 https://github.com/Giskard-AI/giskard-oss/security/advisories/GHSA-rq2q-4r55-9877