Intel

AIKIDO-2026-878974

google-adk is vulnerable to Regular Expression Denial of Service (ReDoS)

Regular Expression Denial of Service (ReDoS) Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Jun 25, 2026

59

Medium Risk

This Affects:

PYTHONgoogle-adk
0.0.2 - 2.2.0
Fixed in 2.3.0
Are you affected? Scan for Free

TL;DR

The google-adk code executor extracts code blocks from model response text using a regular expression that combines nested lazy wildcards with DOTALL matching. When a response contains an opening code-block delimiter but no matching trailing delimiter, the pattern enters catastrophic backtracking that scales quadratically with the input length. Processing a large delimiter-free or unterminated response then consumes CPU for an extended period and stalls the agent turn, blocking execution and bypassing configured timeouts. The fix replaces the regular expression with a linear string search that locates delimiters without backtracking.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your agents use a code executor that processes large or untrusted model responses.

Background info

google-adk is vulnerable to Regular Expression Denial of Service (ReDoS) in versions 0.0.2 - 2.2.0.

How to fix this

Upgrade the google-adk library to the patch version.