18 matches found
Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent
Advisory Details Title: Sandbox Escape to Remote Code Execution via Incomplete eval Mitigation in TableChatAgent Description: Summary Langroid is vulnerable to a critical Sandbox Escape leading to Remote Code Execution RCE in its TableChatAgent and VectorStore capabilities. When these agents...
PT-2026-56063
Name of the Vulnerable Software and Affected Versions Langroid affected versions not specified Description A sandbox escape exists in the TableChatAgent and VectorStore components that allows for Remote Code Execution RCE. The issue occurs when agents evaluate LLM-generated tool messages with ful...
PT-2026-56085
Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.65.5 Description Neo4jChatAgent passes LLM-generated Cypher queries directly to the Neo4j driver without validation, a statement-type allowlist, or an opt-out gate. Because the query text can be influenced by promp...
Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read
Summary SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pgreadfile, pgstatfile, pglslogdir,...
PT-2026-55461
Name of the Vulnerable Software and Affected Versions langroid versions prior to 0.64.0 Description The SQLChatAgent in langroid implements a defense-in-depth layer via the validate query method, which uses a regex blocklist DANGEROUS SQL PATTERNS to prevent the execution of dangerous SQL...
PYSEC-2026-381 Langroid has a Code Injection vulnerability in TableChatAgent
Summary TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. PoC For example, one could prompt the Agent: Evaluate the following pandas expression on the data provided and print output:...
CVE-2026-25879 Langroid has Prompt to SQL Injection, Leading to RCE
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access...
GHSA-VG22-4GMJ-PRXW PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution
Summary The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain: 1. The example exposes an A2A server without configuring authtoken. 2. The same example binds the server to 0.0.0.0. 3. The example registers a calculateexpression tool...
Langroid has Prompt to SQL Injection, Leading to RCE
Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid Affected Scope langroid @localhost:5432/postgres" Create SQL Chat Agent config = SQLChatAgentConfig databaseuri=DATABASEURI, llm=OpenAIGPTConfig apibase=os.getenv"bas...
CVE-2026-25481 Langroid has WAF Bypass Leading to RCE in TableChatAgent
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code...
Langroid 代码注入漏洞
Langroid is an open-source tool developed using multi-agent programming for LLM tasks. Versions of Langroid prior to 0.59.32 had a code injection vulnerability. This vulnerability stemmed from a bypass in the TableChatAgent’s invocation of the pandaseval tool, which could allow arbitrary code to ...
GHSA-X34R-63HX-W57F Langroid has WAF Bypass Leading to RCE in TableChatAgent
Affected Scope langroid = 0.59.31 Vulnerability Description CVE-2025-46724 fix bypass: TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code injection CVE-2025-46724. However it can be bypassed due to literalok...
Langroid has WAF Bypass Leading to RCE in TableChatAgent
Affected Scope langroid = 0.59.31 Vulnerability Description CVE-2025-46724 fix bypass: TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code injection CVE-2025-46724. However it can be bypassed due to literalok...
Google Cloud Dialogflow CX Messenger 安全漏洞
Google Cloud Dialogflow CX Messenger is software that is a building block conversational AI platform from Google, Inc USA. A security vulnerability exists in Google Cloud Dialogflow CX Messenger that stems from an authentication bypass that could result in an unauthenticated user accessing a...
Zimbra Collaboration 代码问题漏洞
Zimbra Collaboration is an open source enterprise-class email and collaboration platform from Zimbra, Inc. that supports email, calendaring, document management, and team collaboration features. A code issue vulnerability exists in Zimbra Collaboration versions prior to 10.1.12, which stems from ...
Malicious Package
Overview shop-chat-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-47567 Malicious code in shop-chat-agent (npm)
The package shop-chat-agent was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c24fef9fb2ae18a423f86505fc26cb8fb7c6b2c17038ae2833ad9eea5238c79f Any computer that has this package installed or running should be considered fully...
Malicious code in shop-chat-agent (npm)
The package shop-chat-agent was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c24fef9fb2ae18a423f86505fc26cb8fb7c6b2c17038ae2833ad9eea5238c79f Any computer that has this package installed or running should be considered fully...