CVE-2025-46725

Langroid is a Python framework to build large language model LLM-powered applications. Prior to version 0.53.15, LanceDocChatAgent uses pandas eval through computefromdocs. As a result, an attacker may be able to make the agent run malicious commands through QueryPlan.dataframecalc compromising t...

CVE-2025-46724

Langroid is a Python framework to build large language model LLM-powered applications. Prior to version 0.53.15, TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes...

Arbitrary Code Injection

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Arbitrary Code Injection due to the use of pandas eval function. An attacker can execute arbitrary code by supplying malicious input to this function. This is only exploitable if t...

Langroid 代码注入漏洞

Langroid is a Langroid open source tool for developing LLMs using multi-agent programming. A code injection vulnerability exists in Langroid versions prior to 0.53.15, which stems from TableChatAgent's use of pandas eval to process unauthenticated user input, which could lead to code injection...

Langroid 代码注入漏洞

Langroid is a Langroid open source tool for developing LLMs using multi-agent programming. A code injection vulnerability exists in Langroid versions prior to 0.53.15, which stems from LanceDocChatAgent processing unauthenticated user input using pandas eval via computefromdocs, which could lead ...