VDB
KO
HIGH 7.5

PYSEC-2026-2054

XGrammar affected by Denial of Service by infinite recursion grammars

Details

### Summary This issue: http://github.com/mlc-ai/xgrammar/issues/250 should have it's own security advisory. Since several tools accept and pass user supplied grammars to xgrammar, and it is so easy to trigger it seems like a High.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / xgrammar
Introduced in: 0 Fixed in: 0.1.21
Fix pip install --upgrade 'xgrammar>=0.1.21'

References