Lucene search
+L

97 matches found

cve
cve
added last week27 views

CVE-2026-55615

Langroid CVE-2026-55615 affects the Neo4jChatAgent path, where LLM-generated Cypher queries are sent unvalidated to the Neo4j driver prior to version 0.65.5. Connected docs describe a prompt-injection risk enabling read/write/destroy of graph data and, with APOC or dbms.security, potential OS com...

9.2CVSS6AI score0.00461EPSS
Exploits0References2
osv
osv
added last week2 views

CVE-2026-55615 Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...

9.2CVSS6.1AI score0.00461EPSS
Exploits0References4
veracode
veracode
added 2026/07/08 9:42 a.m.7 views

Arbitrary Code Injection

Langroid is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper sandboxing of Python eval that fails to remove builtins, which allows an attacker to execute arbitrary operating system commands through crafted LLM-generated tool messages...

10CVSS6.3AI score0.00912EPSS
Exploits0References3Affected Software1
circl
circl
added 2026/07/06 10:35 p.m.7 views

CVE-2026-54771

creationtimestamp| type| source ---|---|--- 2026-07-06 22:35:22+00:00| published-proof-of-concept| https://github.com/langroid/langroid/security/advisories/GHSA-gjgq-w2m6-wr5q 2026-07-10 01:00:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqax4od5hu2i 2026-07-10...

8.1CVSS6.1AI score0.00392EPSS
Exploits0References4
osv
osv
added 2026/07/06 9:22 p.m.8 views

GHSA-2PQ5-3Q89-J7CC Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection direct user input or indirect content the agent reads back via RAG, so an attacker who can...

9.2CVSS5.9AI score0.00461EPSS
Exploits0References2
snyk
snyk
added 2026/07/06 9:22 p.m.6 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the Neo4jChatAgent process. An attacker can gain unauthorized access to all gra...

9.2CVSS6.2AI score0.00461EPSS
Exploits0References2
osv
osv
added 2026/07/06 8:42 p.m.3 views

GHSA-GJGQ-W2M6-WR5Q Langroid: handle_message() executes user-supplied tool JSON without sender verification

Summary A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Details enablemessage..., use=False, handle=True only prevents the LLM from being instructed to generate...

8.1CVSS6AI score0.00392EPSS
Exploits0References2
github
github
added 2026/07/06 8:42 p.m.5 views

Langroid: handle_message() executes user-supplied tool JSON without sender verification

Summary A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Details enablemessage..., use=False, handle=True only prevents the LLM from being instructed to generate...

8.1CVSS6AI score0.00392EPSS
Exploits0References2Affected Software1
snyk
snyk
added 2026/07/06 8:42 p.m.6 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the handlemessage process. An attacker can execute arbitrary tool handlers by...

8.6CVSS6.1AI score0.00392EPSS
Exploits0References2
osv
osv
added 2026/07/06 8:42 p.m.8 views

GHSA-Q9P7-WQXG-MRHC Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent

Advisory Details Title: Sandbox Escape to Remote Code Execution via Incomplete eval Mitigation in TableChatAgent Description: Summary Langroid is vulnerable to a critical Sandbox Escape leading to Remote Code Execution RCE in its TableChatAgent and VectorStore capabilities. When these agents...

10CVSS6.3AI score0.00912EPSS
Exploits0References2
snyk
snyk
added 2026/07/06 8:42 p.m.5 views

Arbitrary Code Injection

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Arbitrary Code Injection in the eval process used by certain agent components when evaluating external input with fulleval=True. An attacker can execute arbitrary system commands b...

10CVSS6.2AI score0.00912EPSS
Exploits0References2
snyk
snyk
added 2026/07/06 8:39 p.m.5 views

SQL Injection

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to SQL Injection through the SQLChatAgent process. An attacker can access arbitrary files on the server by crafting SQL queries that bypass the regex-based blocklist using quoted...

9.8CVSS6.2AI score0.00646EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.16 views

PT-2026-56064

Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.65.3 Description An application using this framework that exposes a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads. This occurs even when tools are registered with use=Fals...

8.1CVSS6AI score0.00392EPSS
Exploits0References14
circl
circl
added 2026/07/02 6:35 p.m.11 views

CVE-2026-50181

creationtimestamp| type| source ---|---|--- 2026-07-02 18:35:09+00:00| published-proof-of-concept| https://github.com/langroid/langroid/security/advisories/GHSA-fg23-3346-88f5 2026-07-13 22:00:06+00:00| seen| https://t.me/GithubRedTeam/92599 2026-07-14 00:00:10+00:00| seen|...

7.1CVSS6.1AI score0.00184EPSS
Exploits1References2
circl
circl
added 2026/07/02 6:35 p.m.12 views

CVE-2026-50180

creationtimestamp| type| source ---|---|--- 2026-07-02 18:35:07+00:00| published-proof-of-concept| https://github.com/langroid/langroid/security/advisories/GHSA-pmch-g965-grmr 2026-07-10 02:52:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqb5e3hzmq2l...

8.7CVSS5.9AI score0.00686EPSS
Exploits0References2
osv
osv
added 2026/07/02 5:42 p.m.5 views

GHSA-PMCH-G965-GRMR Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

Summary SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pgreadfile, pgstatfile, pglslogdir,...

8.7CVSS6.1AI score0.00686EPSS
Exploits0References3
snyk
snyk
added 2026/07/02 5:42 p.m.4 views

SQL Injection

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to SQL Injection via insufficient filtering in the validatequery process. An attacker can access arbitrary files on the database host and perform filesystem reconnaissance by injectin...

8.7CVSS6.2AI score0.00686EPSS
Exploits0References3
github
github
added 2026/07/02 5:38 p.m.14 views

Langroid: Path traversal in the file tools allows read/write outside configured current directory

Summary Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory to currdir and then operate on the user-supplied filepath without resolving and enforcing that the...

7.1CVSS5.8AI score0.00184EPSS
Exploits1References3Affected Software1
snyk
snyk
added 2026/07/02 5:38 p.m.5 views

Relative Path Traversal

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Relative Path Traversal through improper validation of user-supplied file paths in the ReadFileTool and WriteFileTool components. An attacker can access or modify files outside the...

8.4CVSS6AI score0.00184EPSS
Exploits1References3
osv
osv
added 2026/07/02 5:38 p.m.6 views

GHSA-FG23-3346-88F5 Langroid: Path traversal in the file tools allows read/write outside configured current directory

Summary Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory to currdir and then operate on the user-supplied filepath without resolving and enforcing that the...

7.1CVSS5.8AI score0.00184EPSS
Exploits1References3
Rows per page
Query Builder