Lucene search
K

18 matches found

Github Security Blog
Github Security Blog
added 4 days ago6 views

Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent

Advisory Details Title: Sandbox Escape to Remote Code Execution via Incomplete eval Mitigation in TableChatAgent Description: Summary Langroid is vulnerable to a critical Sandbox Escape leading to Remote Code Execution RCE in its TableChatAgent and VectorStore capabilities. When these agents...

10CVSS6.3AI score
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56063

Name of the Vulnerable Software and Affected Versions Langroid affected versions not specified Description A sandbox escape exists in the TableChatAgent and VectorStore components that allows for Remote Code Execution RCE. The issue occurs when agents evaluate LLM-generated tool messages with ful...

10CVSS6.4AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56085

Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.65.5 Description Neo4jChatAgent passes LLM-generated Cypher queries directly to the Neo4j driver without validation, a statement-type allowlist, or an opt-out gate. Because the query text can be influenced by promp...

9.2CVSS6AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/07/02 5:42 p.m.8 views

Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

Summary SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pgreadfile, pgstatfile, pglslogdir,...

8.7CVSS6.1AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-55461

Name of the Vulnerable Software and Affected Versions langroid versions prior to 0.64.0 Description The SQLChatAgent in langroid implements a defense-in-depth layer via the validate query method, which uses a regex blocklist DANGEROUS SQL PATTERNS to prevent the execution of dangerous SQL...

8.7CVSS6.3AI score
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-381 Langroid has a Code Injection vulnerability in TableChatAgent

Summary TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. PoC For example, one could prompt the Agent: Evaluate the following pandas expression on the data provided and print output:...

9.8CVSS5.8AI score0.00741EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/06/01 10:27 p.m.9 views

CVE-2026-25879 Langroid has Prompt to SQL Injection, Leading to RCE

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access...

9.8CVSS6.3AI score0.00409EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 10:31 p.m.12 views

GHSA-VG22-4GMJ-PRXW PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution

Summary The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain: 1. The example exposes an A2A server without configuring authtoken. 2. The same example binds the server to 0.0.0.0. 3. The example registers a calculateexpression tool...

9.8CVSS6.3AI score0.00084EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/27 7:38 p.m.13 views

Langroid has Prompt to SQL Injection, Leading to RCE

Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid Affected Scope langroid @localhost:5432/postgres" Create SQL Chat Agent config = SQLChatAgentConfig databaseuri=DATABASEURI, llm=OpenAIGPTConfig apibase=os.getenv"bas...

9.8CVSS6.6AI score0.00409EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/02/04 8:3 p.m.31 views

CVE-2026-25481 Langroid has WAF Bypass Leading to RCE in TableChatAgent

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code...

9.4CVSS0.00648EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.8 views

Langroid 代码注入漏洞

Langroid is an open-source tool developed using multi-agent programming for LLM tasks. Versions of Langroid prior to 0.59.32 had a code injection vulnerability. This vulnerability stemmed from a bypass in the TableChatAgent’s invocation of the pandaseval tool, which could allow arbitrary code to ...

9.6CVSS6.8AI score0.00648EPSS
Exploits1References3
OSV
OSV
added 2026/02/02 8:42 p.m.4 views

GHSA-X34R-63HX-W57F Langroid has WAF Bypass Leading to RCE in TableChatAgent

Affected Scope langroid = 0.59.31 Vulnerability Description CVE-2025-46724 fix bypass: TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code injection CVE-2025-46724. However it can be bypassed due to literalok...

9.4CVSS6.1AI score0.00648EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/02/02 8:42 p.m.9 views

Langroid has WAF Bypass Leading to RCE in TableChatAgent

Affected Scope langroid = 0.59.31 Vulnerability Description CVE-2025-46724 fix bypass: TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code injection CVE-2025-46724. However it can be bypassed due to literalok...

9.8CVSS6.1AI score0.00741EPSS
Exploits2References7Affected Software1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.5 views

Google Cloud Dialogflow CX Messenger 安全漏洞

Google Cloud Dialogflow CX Messenger is software that is a building block conversational AI platform from Google, Inc USA. A security vulnerability exists in Google Cloud Dialogflow CX Messenger that stems from an authentication bypass that could result in an unauthenticated user accessing a...

6.9CVSS7AI score0.0034EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/21 12:0 a.m.3 views

Zimbra Collaboration 代码问题漏洞

Zimbra Collaboration is an open source enterprise-class email and collaboration platform from Zimbra, Inc. that supports email, calendaring, document management, and team collaboration features. A code issue vulnerability exists in Zimbra Collaboration versions prior to 10.1.12, which stems from ...

5CVSS6.8AI score0.00238EPSS
Exploits0References4
Snyk
Snyk
added 2025/09/25 4:10 a.m.2 views

Malicious Package

Overview shop-chat-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2025/09/25 4:10 a.m.2 views

MAL-2025-47567 Malicious code in shop-chat-agent (npm)

The package shop-chat-agent was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c24fef9fb2ae18a423f86505fc26cb8fb7c6b2c17038ae2833ad9eea5238c79f Any computer that has this package installed or running should be considered fully...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/25 4:10 a.m.3 views

Malicious code in shop-chat-agent (npm)

The package shop-chat-agent was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c24fef9fb2ae18a423f86505fc26cb8fb7c6b2c17038ae2833ad9eea5238c79f Any computer that has this package installed or running should be considered fully...

6.9AI score
Exploits0References3
Rows per page
Query Builder