4 matches found

NVD
added 2026/02/04 8:16 p.m., 12 views

CVE-2026-25481

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code...

9.6 CVSS, 0.00648 EPSS
Exploits: 1, References: 3
OSV
added 2026/02/02 8:42 p.m., 4 views

GHSA-X34R-63HX-W57F Langroid has WAF Bypass Leading to RCE in TableChatAgent

Affected Scope: langroid = 0.59.31. Vulnerability Description: CVE-2025-46724 fix bypass: TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code injection CVE-2025-46724. However, it can be bypassed due to literalok...

9.4 CVSS, 6.1 AI score, 0.00648 EPSS
Exploits: 1, References: 7
Cvelist
added 2025/05/20 5:22 p.m., 18 views

CVE-2025-46724 Langroid has a Code Injection vulnerability in TableChatAgent

Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes...

9.8 CVSS, 0.00748 EPSS
Exploits: 1, References: 2
Circl
added 2025/05/20 3:54 p.m., 10 views

CVE-2025-46724

creationtimestamp | type | source
---|---|---
2025-05-20 15:54:09+00:00 | published-proof-of-concept | https://github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj
2025-05-20 17:43:48+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/17025
2025-05-29 21:30:15+00:00 | seen | ...

9.8 CVSS, 5.7 AI score, 0.00748 EPSS
Exploits: 1, References: 4