Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Parser crash is reachable over the network with no auth or interaction when Qiskit ingests untrusted input; impact is availability only, no confidentiality or integrity loss.
Primary rating from Vendor (ibm).
CVSS VectorVendor: ibm
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser.
AnalysisAI
Denial of service in IBM Qiskit SDK versions 0.43.0 through 2.5.0 allows remote attackers to crash the parser via uncontrolled recursion, triggering a segmentation fault. The CVSS 7.5 score (AV:N/AC:L/PR:N/UI:N) reflects unauthenticated network-reachable exploitation with high availability impact, though no public exploit identified at time of analysis. Affects quantum-computing workloads that ingest untrusted Qiskit/OpenQASM input.
Technical ContextAI
Qiskit SDK is IBM's open-source Python framework for building, transpiling, and running quantum circuits, widely used to interact with IBM Quantum hardware and simulators. The flaw resides in the SDK's parser component, which recurses without bounds on attacker-controlled input - a classic CWE-674 (Uncontrolled Recursion) class issue that exhausts the stack and produces a SIGSEGV in the underlying CPython process. The CPE 'cpe:2.3:a:ibm:qiskit_sdk:*' confirms the application-level scope, meaning any service or notebook that parses Qiskit source (e.g., OpenQASM or serialized circuits) from a non-trusted source inherits the risk.
RemediationAI
Patch available per vendor advisory - upgrade Qiskit SDK to the fixed release identified in IBM's bulletin at https://www.ibm.com/support/pages/node/7276123 (exact fix version not enumerated in the provided intelligence, so confirm against that advisory before deploying). As compensating controls while patching, refuse to parse Qiskit/OpenQASM/QPY artifacts from untrusted sources, place parsing inside a sandboxed worker process with a Python recursion limit (sys.setrecursionlimit) and an OS-level stack/CPU rlimit so a crash kills only the worker, and add size and nesting-depth checks at the API boundary that accepts circuit submissions; the trade-off is that legitimate deeply-nested circuits may be rejected and worker restarts add latency.
Same weakness CWE-674 – Uncontrolled Recursion
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36575