Python
CVE-2026-40319
LOW
Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionGitHub Advisory
Summary
The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to Python's re.search() without any timeout, complexity guard, or pattern validation. An attacker who can control the regex pattern or the text being matched can craft inputs that trigger catastrophic backtracking in the regex engine, causing the process to hang indefinitely and denying service to all other operations.
giskard-checks is a local developer testing library. Check definitions, including the pattern parameter, are provided in application code or configuration files and executed locally. Exploitation requires write access to a check definition and subsequent execution of the test suite. The absence of a regex timeout could cause availability issues in automated environments such as CI/CD pipelines.
Affected component
text_matching.py, line 457: re.search(pattern, text)
Remediation
Upgrade to giskard-checks >= 1.0.2b1.
Credit
Giskard-AI thanks @dhabaleshwar for identifying the missing timeout on regex evaluation.
AnalysisAI
Denial of service in giskard-checks RegexMatching check via unguarded regex pattern matching allows local attackers with write access to check definitions to trigger catastrophic backtracking in Python's re.search() function, causing process hangs and disrupting CI/CD pipelines or automated test execution.
Technical ContextAI
The giskard-checks library is a Python package for local model testing that includes a RegexMatching check component. The vulnerability resides in text_matching.py at line 457, where user-supplied regex patterns are passed directly to Python's re.search() function without timeout enforcement, complexity validation, or pattern sanitization. Python's re module is susceptible to ReDoS (Regular Expression Denial of Service) attacks via catastrophic backtracking when given pathological patterns combined with certain input strings. The root cause is classified under CWE-1333 (Inefficient Regular Expression Complexity), which encompasses regex engines that lack safeguards against exponential-time matching behavior. Since giskard-checks is a developer-facing testing library executed in local or CI/CD environments, exploitation requires prior write access to configuration or application code defining check parameters.
RemediationAI
Upgrade giskard-checks to version 1.0.2b1 or later by executing pip install --upgrade giskard-checks>=1.0.2b1 in your Python environment. The vendor-released patch introduces timeout and complexity guards on regex evaluation to prevent catastrophic backtracking. If immediate upgrade is not feasible, review and restrict write access to check definition files and configuration sources to limit the attack surface. Additional mitigation involves disabling or removing RegexMatching checks if they are not actively used in your test suite. For detailed information, refer to the GitHub security advisory at https://github.com/Giskard-AI/giskard-oss/security/advisories/GHSA-rq2q-4r55-9877.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-rq2q-4r55-9877