Langroid has WAF Bypass Leading to RCE in TableChatAgent
Description
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass of the fix for CVE-2025-46724. TableChatAgent can call the pandas_eval tool to evaluate an expression. A WAF in langroid/utils/pandas_utils.py was introduced to block the code injection tracked as CVE-2025-46724. However, it can be bypassed because _literal_ok() returns False instead of raising UnsafeCommandError on invalid input, and because access to dangerous dunder attributes (__init__, __globals__, __builtins__) is unrestricted. Together these allow chaining whitelisted DataFrame methods to leak the eval builtin and execute arbitrary code. This issue has been patched in version 0.59.32.
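The two defects named in the description, shown on a simplified expression validator beside a fail-closed version. This is an added example, not Langroid's code: `literal_ok`, `weak_validate`, `strict_validate`, `is_rejected` and the method whitelist are hypothetical, and only the `UnsafeCommandError` name and the dunder attribute names come from the advisory text.

```python
import ast

class UnsafeCommandError(ValueError):
    """Validation failure (exception name as used in the advisory)."""

ALLOWED_METHODS = {"head", "tail", "sum", "mean"}  # constructed sample whitelist

def literal_ok(node):
    # Fail-open shape: invalid input is only reported through the return value.
    return isinstance(node, ast.Constant)

def check_call_target(node):
    # Only df-style method calls whose name is on the whitelist are accepted.
    func = node.func
    if not (isinstance(func, ast.Attribute) and func.attr in ALLOWED_METHODS):
        raise UnsafeCommandError("call target not on the whitelist")

def weak_validate(expr):
    """Checks method names, but discards literal_ok()'s result and never
    inspects attribute names, so non-literal arguments pass unnoticed."""
    for node in ast.walk(ast.parse(expr, mode="eval")):
        if isinstance(node, ast.Call):
            check_call_target(node)
            for arg in node.args:
                literal_ok(arg)  # bug: a False result is never acted on
    return True

def strict_validate(expr):
    """Fail-closed: every rejection raises, underscore attributes are denied."""
    for node in ast.walk(ast.parse(expr, mode="eval")):
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            raise UnsafeCommandError(f"attribute {node.attr!r} not allowed")
        if isinstance(node, ast.Name) and node.id != "df":
            raise UnsafeCommandError(f"name {node.id!r} not allowed")
        if isinstance(node, ast.Call):
            check_call_target(node)
            for arg in list(node.args) + [kw.value for kw in node.keywords]:
                if not literal_ok(arg):
                    raise UnsafeCommandError("non-literal argument")
    return True

def is_rejected(validator, expr):
    # True when the validator raises UnsafeCommandError for this expression.
    try:
        validator(expr)
        return False
    except UnsafeCommandError:
        return True
```
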
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| langroid (PyPI) | < 0.59.32 | 0.59.32 |
Affected products
- Range: < 0.59.32
References
- github.com/advisories/GHSA-x34r-63hx-w57f (ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-25481 (ADVISORY)
- github.com/langroid/langroid/commit/30abbc1a854dee22fbd2f8b2f575dfdabdb603ea (x_refsource_MISC, WEB)
- github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj (x_refsource_MISC, WEB)
- github.com/langroid/langroid/security/advisories/GHSA-x34r-63hx-w57f (x_refsource_CONFIRM, WEB)