CVE-2026-40319
Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() without any timeout or complexity guard; the standard re module offers no timeout of its own, so nothing bounds how long a match can run. A crafted pattern (typically one with nested or overlapping quantifiers) can trigger catastrophic backtracking, causing the process running the test suite to hang indefinitely. Exploitation requires write access to a check definition and subsequent execution of the test suite, so the attacker must already be able to modify checks. This issue has been fixed in giskard-checks version 1.0.2b1.
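The vulnerable shape described above beside a guarded version, as an added example that is neither Giskard's code nor the patched giskard-checks implementation. The guard policy (a pattern length limit, a syntax check, and running the match in a child interpreter that is killed at a deadline) is an assumption of this example; the hostile pattern and input are constructed.

```python
"""Added example (not Giskard's code): running an untrusted regex under a hard timeout.

CPython's re module has no timeout, and a long re.search() runs inside C code
that neither checks for pending signals nor releases the GIL, so signal.alarm()
and thread joins cannot interrupt it. The guarded version therefore performs
the match in a child interpreter and kills it when the deadline passes.
"""
import re
import subprocess
import sys

# Constructed ReDoS pattern: a nested quantifier followed by an anchor that can
# never match, so the engine tries roughly 2^n ways to split the run of a's.
EVIL_PATTERN = r"^(a+)+$"
EVIL_INPUT = "a" * 40 + "!"


def regex_matching_unsafe(pattern: str, text: str) -> bool:
    """The shape of the vulnerable check described in the advisory:
    a caller-supplied pattern goes straight to re.search()."""
    return re.search(pattern, text) is not None


def check_pattern(pattern: str, max_len: int = 256):
    """Cheap pre-execution guard (hypothetical policy, not Giskard's).
    Returns an error message, or None if the pattern is accepted."""
    if len(pattern) > max_len:
        return f"pattern longer than {max_len} characters"
    try:
        re.compile(pattern)
    except re.error as exc:
        return f"invalid pattern: {exc}"
    return None


# Child interpreter body: argv[1] is the pattern, argv[2] the text; prints 1 or 0.
_CHILD = "import re, sys; print(int(re.search(sys.argv[1], sys.argv[2]) is not None))"


def regex_matching_guarded(pattern: str, text: str, timeout_s: float = 1.0):
    """Returns True/False for match/no match, or None if matching exceeded
    timeout_s. Raises ValueError for patterns rejected by check_pattern()."""
    err = check_pattern(pattern)
    if err is not None:
        raise ValueError(err)
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", _CHILD, pattern, text],
            capture_output=True, text=True, timeout=timeout_s, check=True,
        )
    except subprocess.TimeoutExpired:
        # subprocess.run() kills and reaps the child before raising,
        # so no runaway matcher is left behind.
        return None
    return proc.stdout.strip() == "1"


if __name__ == "__main__":
    print("benign:", regex_matching_guarded(r"^(a+)+$", "aaaa"))        # True
    print("hostile:", regex_matching_guarded(EVIL_PATTERN, EVIL_INPUT))  # None (timed out)
    # regex_matching_unsafe(EVIL_PATTERN, EVIL_INPUT) would not return in any useful time.
```

The subprocess cost (one interpreter start per check) is acceptable for a test-suite check that runs a handful of patterns; for hot paths, the third-party `regex` package accepts a `timeout=` argument on its matching functions and avoids the extra process, at the cost of a dependency.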
| Field | Value |
| --- | --- |
| CWE | CWE-1333 |
| Vendor | giskard-ai |
| Product | giskard-oss |
| Published | Apr 17, 2026 |
Affected Versions
Giskard-AI / giskard-oss
< 1.0.2b1