CVE-2025-46726

High CVSS: 7.8

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging `XMLToolMessage` class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Version 0.53.4 fixes the issue.

Vendor

Langroid

Product

Langroid

CWE

CWE-611

Yayın Tarihi

2025-05-05 20:15:21

Güncelleme

2025-08-01 21:28:36

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-611 Langroid HIGH Langroid 2025

Referanslar

https://github.com/langroid/langroid/blob/df6227e6c079ec22bb2768498423148d6685acff/langroid/agent/xml_tool_message.py#L51-L52 https://github.com/langroid/langroid/commit/36e7e7db4dd1636de225c2c66c84052b1e9ac3c3 https://github.com/langroid/langroid/security/advisories/GHSA-pw95-88fg-3j6f

Benzer Kayıtlar

Critical

CVE-2026-25481

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a byp…

Critical

CVE-2025-46724

Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `Tabl…

High

CVE-2025-46725

Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `Lanc…