Giskard RegexMatching Check Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the RegexMatching check of the Giskard testing framework for AI models, in versions prior to 1.0.2b1. The issue arises because user-supplied regular expression patterns are passed directly to Python's re.search() function without any timeout or complexity validation. This can lead to catastrophic backtracking, causing the process to hang indefinitely. Exploitation requires write access to a check definition and the execution of the test suite, potentially disrupting automated workflows such as CI/CD pipelines.
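A generic version of the two controls the advisory says were missing, as an added example (this is not Giskard's code and not what 1.0.2b1 ships): a static pre-check that rejects nested quantifiers, and a hard wall-clock deadline enforced by running re.search() in a child process that is killed on overrun. It assumes CPython, because it walks re's internal parser tree (re._parser, or sre_parse on older versions), and a platform with fork(); the function names, the 256-character pattern limit and the sample patterns and inputs are all constructed for the example.

```python
"""Time-boxing and pre-validating user-supplied regexes before re.search().

Added example (not Giskard's code). Two generic controls:
  1. validate_pattern(): a static check that rejects nested quantifiers such
     as (a+)+, the usual shape of catastrophic backtracking;
  2. search_with_timeout(): re.search() run in a child process that is
     killed at a wall-clock deadline. A thread cannot do this: SRE's C
     matching loop holds the GIL and cannot be interrupted from Python.
Assumes CPython (walks re's internal parser tree) with os.fork() available;
all names, limits and sample inputs here are constructed.
"""
import multiprocessing as mp
import re

try:
    from re import _parser as sre_parse   # CPython >= 3.11 (internal module)
except ImportError:                       # older CPython
    import sre_parse

# Repeat operators whose upper bound can exceed 1; POSSESSIVE_REPEAT is 3.11+ only.
_REPEAT_OPS = {op for op in (getattr(sre_parse, name, None) for name in
               ("MAX_REPEAT", "MIN_REPEAT", "POSSESSIVE_REPEAT")) if op is not None}
MAX_PATTERN_LEN = 256   # constructed limit for user-supplied patterns


def _subpatterns(av):
    """Yield every SubPattern nested in an operator's argument (tuples/lists)."""
    if isinstance(av, sre_parse.SubPattern):
        yield av
    elif isinstance(av, (tuple, list)):
        for item in av:
            yield from _subpatterns(item)


def _repeat_nesting(sub):
    """Deepest chain of repeats with max > 1: 'a+' -> 1, '(a+)+' -> 2."""
    worst = 0
    for op, av in sub:
        depth = max((_repeat_nesting(c) for c in _subpatterns(av)), default=0)
        if op in _REPEAT_OPS and av[1] > 1:   # av == (min, max, subpattern)
            depth += 1
        worst = max(worst, depth)
    return worst


def validate_pattern(pattern):
    """Return None if the pattern is acceptable, otherwise a rejection reason.
    Heuristic only: it catches the common nested-quantifier shape, not every
    pathological regex, so the process deadline below stays as the backstop."""
    if len(pattern) > MAX_PATTERN_LEN:
        return "pattern too long"
    try:
        tree = sre_parse.parse(pattern)
    except re.error as exc:
        return f"invalid pattern: {exc}"
    if _repeat_nesting(tree) >= 2:
        return "nested quantifiers (catastrophic backtracking risk)"
    return None


def _search_worker(pattern, text, conn):
    # Runs in the child process; the parent kills it if it overruns.
    conn.send(re.search(pattern, text) is not None)
    conn.close()


def search_with_timeout(pattern, text, timeout=1.0):
    """Return 'match', 'no_match', 'timeout' or 'error' within `timeout` seconds."""
    try:
        ctx = mp.get_context("fork")      # child needs no re-import of the caller
    except ValueError:                    # platform without fork (e.g. Windows)
        ctx = mp.get_context()
    recv_end, send_end = ctx.Pipe(duplex=False)
    proc = ctx.Process(target=_search_worker, args=(pattern, text, send_end), daemon=True)
    proc.start()
    send_end.close()                      # parent keeps only the read end
    proc.join(timeout)
    if proc.is_alive():
        proc.kill()                       # SIGKILL: the backtracking loop never yields
        proc.join()
        recv_end.close()
        return "timeout"
    if recv_end.poll(1.0):                # worker exited normally and sent its verdict
        matched = recv_end.recv()
        recv_end.close()
        return "match" if matched else "no_match"
    recv_end.close()
    return "error"                        # worker died without reporting (e.g. exception)


def run_regex_check(pattern, text, timeout=1.0):
    """The guarded check: static validation first, then the time-boxed search."""
    reason = validate_pattern(pattern)
    if reason is not None:
        return ("rejected", reason)
    return (search_with_timeout(pattern, text, timeout), None)


if __name__ == "__main__":
    print(run_regex_check(r"\d{3}-\d{4}", "call 555-0100"))     # ('match', None)
    print(run_regex_check(r"(a+)+$", "aaab"))                    # ('rejected', ...)
    # Bypassing validation shows the deadline catching a hang after 0.5 s:
    print(search_with_timeout(r"(a+)+$", "a" * 40 + "b", 0.5))  # timeout
```

The static check is cheap and gives a useful error message at check-definition time, but it is a heuristic (alternation-based patterns, for instance, can backtrack exponentially without nested quantifiers), so the process deadline is the control that actually bounds availability loss. In a CI runner a "timeout" result should fail the check loudly and be logged, not silently retried, since a retry would just burn the same CPU time again.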

Impact

Exploitation of this vulnerability can cause the process to hang indefinitely, leading to availability issues, especially in automated environments like CI/CD pipelines.

Remediation

Upgrade to Giskard 1.0.2b1 or later, which addresses this vulnerability.

Added: Apr 17, 2026, 6:30 PM
Updated: Apr 17, 2026, 6:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.0
remediation: 0.0
relevance: 6.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.