97 matches found
CVE-2026-50180
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses...
CVE-2026-54771
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Version...
CVE-2026-54760
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...
CVE-2026-54769
Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution RCE in its TableChatAgent and VectorStore capabilities. When these agents evaluate LLM-generated tool messages with...
CVE-2026-55615
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...
CVE-2026-54771 Langroid: handle_message() executes user-supplied tool JSON without sender verification
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Version...
CVE-2026-54771
Langroid prior to 0.65.3 is affected. A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Root cause: the tool dispatch path in agent_response → handle_message → get...
CVE-2026-54769 Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent
Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution RCE in its TableChatAgent and VectorStore capabilities. When these agents evaluate LLM-generated tool messages with...
CVE-2026-54769
Langroid versions prior to 0.65.2 are affected by a critical Sandbox Escape leading to Remote Code Execution via incomplete mitigation in the TableChatAgent and VectorStore. The root cause is the use of eval() with an empty locals dict under full_eval=True, where builtins is not scrubbed from glo...
CVE-2026-54769 Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent
Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution RCE in its TableChatAgent and VectorStore capabilities. When these agents evaluate LLM-generated tool messages with...
CVE-2026-54760
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...
CVE-2026-54760 Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...
CVE-2026-54760
CVE-2026-54760: Langroid’s SQLChatAgent dangerous-function blocklist can be bypassed. Prior to version 0.65.1, the mitigation combines a raw-text regex (_DANGEROUS_SQL_PATTERNS) with a sqlglot-based SELECT-only allowlist. Attackers can defeat the regex using PostgreSQL forms such as quoted identi...
CVE-2026-54760 Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...
CVE-2026-50181 Langroid: Path traversal in the file tools allows read/write outside configured current directory
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory t...
CVE-2026-50181
CVE-2026-50181 affects Langroid up to version 0.63.0, where ReadFileTool and WriteFileTool incorrectly trust curr_dir as a boundary. The tools change the process working directory to curr_dir and then operate on user-supplied file_path without resolving that the final path remains inside curr_dir...
CVE-2026-50180 Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses...
CVE-2026-50180
Summary: CVE-2026-50180 in Langroid’s SQLChatAgent allows arbitrary PostgreSQL file reads due to an incomplete DANGEROUS_SQL_PATTERNS blocklist. The blocklist misses several pg_read * and related functions (e.g., pg_read_file, pg_stat_file, pg_ls_logdir, pg_ls_waldir, pg_current_logfile) and does...
CVE-2026-55615
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...
CVE-2026-55615 Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...