4 matches found
CVE-2026-25481
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code...
GHSA-X34R-63HX-W57F Langroid has WAF Bypass Leading to RCE in TableChatAgent
Affected Scope langroid = 0.59.31 Vulnerability Description CVE-2025-46724 fix bypass: TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code injection CVE-2025-46724. However it can be bypassed due to literalok...
CVE-2025-46724 Langroid has a Code Injection vulnerability in TableChatAgent
Langroid is a Python framework to build large language model LLM-powered applications. Prior to version 0.53.15, TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes...
CVE-2025-46724
creationtimestamp| type| source ---|---|--- 2025-05-20 15:54:09+00:00| published-proof-of-concept| https://github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj 2025-05-20 17:43:48+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17025 2025-05-29 21:30:15+00:00| seen|...