Advisories for Pypi/Langroid package

2026

Langroid has WAF Bypass Leading to RCE in TableChatAgent

Affected Scope langroid <= 0.59.31 Vulnerability Description CVE-2025-46724 fix bypass: TableChatAgent can call pandas_eval tool to evaluate the expression. There is a WAF in langroid/utils/pandas_utils.py introduced to block code injection CVE-2025-46724. However it can be bypassed due to _literal_ok() returning False instead of raising UnsafeCommandError on invalid input, combined with unrestricted access to dangerous dunder attributes (init, globals, builtins). This allows chaining whitelisted DataFrame methods to leak the eval builtin …

2025

Langroid has a Code Injection vulnerability in TableChatAgent

TableChatAgent uses pandas eval(). If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection.

Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store

LanceDocChatAgent uses pandas eval() through compute_from_docs(): https://github.com/langroid/langroid/blob/18667ec7e971efc242505196f6518eb19a0abc1c/langroid/vector_store/base.py#L136-L150 As a result, an attacker may be able to make the agent run malicious commands through QueryPlan.dataframe_calc compromising the host system.

Langroid Allows XXE Injection via XMLToolMessage

A LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information.