3 matches found
CVE-2025-46726
Langroid prior to 0.53.4 is vulnerable via the XMLToolMessage class to untrusted XML input, enabling DoS and potential disclosure of local files. The issue is mitigated by upgrading to version 0.53.4, which initializes the XML parser with safeguards against XXE, billionaire laughs, and external D...
CVE-2025-46726 Langroid Vulnerable to XXE Injection via XMLToolMessage
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Version 0.53.4 fixes th...
CVE-2025-46726
creationtimestamp| type| source ---|---|--- 2025-05-05 16:03:18+00:00| published-proof-of-concept| https://github.com/langroid/langroid/security/advisories/GHSA-pw95-88fg-3j6f 2025-05-05 20:20:04+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14979 2025-05-06...