PT-2026-32983 · Giskard · Giskard
Published: 2026-04-14 · Updated: 2026-04-19 · CVE-2026-40319
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Giskard versions prior to 1.0.2b1
Description: The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to the Python re.search() function without a timeout, complexity guard, or pattern validation. A crafted pattern can trigger catastrophic backtracking, a state in which the regex engine needs exponential time to decide whether a string matches, so the process hangs indefinitely and the result is a denial of service. Exploitation requires write access to a check definition followed by execution of the test suite, which can affect availability in automated environments such as CI/CD pipelines. The issue is located in text_matching.py within the re.search(pattern, text) call.
Recommendations: Update to version 1.0.2b1 or later.
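The two guards the description says are missing, as an added example that is not Giskard's code: a pattern check before compilation and a hard time limit on the search itself. Python's re module cannot be interrupted in-process, so the limit is enforced by running the search in a worker process; the names bounded_search and validate_pattern and the size limits are assumptions.

```python
# Added example (not Giskard's code): a bounded alternative to calling
# re.search(pattern, text) directly. Names and limits here are hypothetical.
import multiprocessing as mp
import re

MAX_PATTERN_LEN = 256
MAX_TEXT_LEN = 10_000
# Heuristic: a group containing + or * that is itself quantified, e.g. "(a+)+".
# It catches the textbook shape only; the timeout below is the real backstop.
_NESTED_QUANTIFIER = re.compile(r"\([^()]*[+*][^()]*\)[+*{]")

try:
    # fork keeps the worker callable without re-importing this module
    _CTX = mp.get_context("fork")
except ValueError:  # Windows has no fork; fall back to the platform default
    _CTX = mp.get_context()


def validate_pattern(pattern: str) -> str:
    """Reject oversized, uncompilable, or structurally risky patterns."""
    if len(pattern) > MAX_PATTERN_LEN:
        raise ValueError("pattern too long")
    try:
        re.compile(pattern)
    except re.error as exc:
        raise ValueError(f"invalid pattern: {exc}") from exc
    if _NESTED_QUANTIFIER.search(pattern):
        raise ValueError("nested quantifier rejected")
    return pattern


def _worker(pattern: str, text: str, conn) -> None:
    conn.send(re.search(pattern, text) is not None)
    conn.close()


def bounded_search(pattern: str, text: str, timeout: float = 1.0):
    """True/False for a match; None if the search exceeded `timeout` seconds."""
    validate_pattern(pattern)
    text = text[:MAX_TEXT_LEN]  # bound the input as well as the pattern
    parent, child = _CTX.Pipe(duplex=False)
    proc = _CTX.Process(target=_worker, args=(pattern, text, child))
    proc.start()
    child.close()
    proc.join(timeout)
    if proc.is_alive():
        proc.kill()  # re.search cannot be interrupted in-process; end the worker
        proc.join()
        return None
    return parent.recv() if parent.poll() else None
```

A None result is the signal a CI job should treat as a failed check rather than waiting on the match.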

Fix

DoS

Weakness Enumeration
Related Identifiers: CVE-2026-40319, GHSA-RQ2Q-4R55-9877
Affected Products: Giskard