CVE-2026-25481
- EPSS 0.05%
- Veröffentlicht 04.02.2026 20:03:32
- Zuletzt bearbeitet 20.02.2026 21:20:25
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandas_eval tool to evaluate the expression. There is a WAF in langroid...
CVE-2025-46725
- EPSS 0.11%
- Veröffentlicht 20.05.2025 17:24:31
- Zuletzt bearbeitet 13.08.2025 16:37:02
Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `LanceDocChatAgent` uses pandas eval() through `compute_from_docs()`. As a result, an attacker may be able to make the agent run malici...
CVE-2025-46724
- EPSS 0.07%
- Veröffentlicht 20.05.2025 17:22:13
- Zuletzt bearbeitet 17.06.2025 14:11:48
Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vuln...
CVE-2025-46726
- EPSS 0.45%
- Veröffentlicht 05.05.2025 19:21:19
- Zuletzt bearbeitet 01.08.2025 21:28:36
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging `XMLToolMessage` class may be exposed to untrusted XML input that could result in DoS and/or exposing local files wi...