Vulnerability in Giskard-ai Giskard-oss

CVE-2026-40319

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() without any timeout or complexity guard. A…

Vulnerability class: ReDoS (Regular Expression Denial of Service)

EPSS: 0.000 (0.8th percentile)

Affected products

Weakness classification (CWE)

References