High severity · NVD Advisory · Published May 5, 2025 · Updated May 5, 2025

Langroid Vulnerable to XXE Injection via XMLToolMessage

CVE-2025-46726

Description

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, an LLM application that uses the XMLToolMessage class may be exposed to untrusted XML input, which could result in denial of service (DoS) and/or exposure of local files containing sensitive information. Version 0.53.4 fixes the issue.
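For applications that must accept XML produced by an LLM or a user, the following added example (not Langroid's code and not its 0.53.4 patch) shows one standard-library way to refuse the DTD and entity declarations that XXE and entity-expansion DoS depend on before the document is parsed. The function name, tag names, size cap and sample strings are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

MAX_XML_BYTES = 64 * 1024  # assumed size cap for one tool message

# Constructed samples: the tag names and the placeholder path are illustrative.
BENIGN = "<tool><request>read_file</request><path>notes &amp; todo.txt</path></tool>"
HOSTILE = ('<?xml version="1.0"?><!DOCTYPE tool [<!ENTITY x SYSTEM '
           '"file:///constructed/placeholder">]><tool><path>&x;</path></tool>')


class UnsafeXML(ValueError):
    """Untrusted XML that is oversized, malformed, or declares a DTD/entity."""


def _forbid(kind):
    def handler(*_args):
        raise UnsafeXML(f"{kind} not allowed in tool XML")
    return handler


def parse_tool_xml(xml_text: str) -> dict:
    """Return {child tag: text} for LLM-produced tool XML, refusing DTDs."""
    if len(xml_text.encode("utf-8")) > MAX_XML_BYTES:
        raise UnsafeXML("tool XML too large")
    # Pass 1: expat scan whose handlers abort on the constructs that XXE and
    # entity-expansion DoS rely on, before anything is resolved or expanded.
    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = _forbid("DOCTYPE")
    scanner.EntityDeclHandler = _forbid("entity declaration")
    scanner.ExternalEntityRefHandler = _forbid("external entity reference")
    try:
        scanner.Parse(xml_text, True)
    except expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc
    # Pass 2: no DTD is present, so only the five predefined entities remain.
    root = ET.fromstring(xml_text)
    return {child.tag: (child.text or "").strip() for child in root}


if __name__ == "__main__":
    print(parse_tool_xml(BENIGN))
    try:
        parse_tool_xml(HOSTILE)
    except UnsafeXML as err:
        print("rejected:", err)
```

Upgrading to 0.53.4 remains the fix for Langroid itself; a guard like this is for an application's own XML handling paths.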


Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| langroid (PyPI) | < 0.53.4 | 0.53.4 |
