CVE-2026-54769

Langroid · Langroid

Langroid versions prior to 0.65.2 contain a sandbox escape vulnerability in its TableChatAgent and VectorStore capabilities, allowing unauthenticated Remote Code Execution via malicious LLM prompts.

Executive summary

A critical sandbox escape and remote code execution vulnerability exists in the Langroid framework, enabling unauthenticated attackers to execute arbitrary code on the host system.

Vulnerability

The vulnerability stems from an incomplete sanitization of Python's execution environment during eval() calls. By failing to scrub __builtins__ from the global dictionary, the framework allows LLM-generated tool messages to bypass sandbox restrictions and gain access to sensitive functions such as os.system(), resulting in unauthenticated RCE.

Business impact

This vulnerability carries a CVSS score of 10.0, indicating the highest possible severity. An attacker can achieve complete control over the host system, facilitating data theft, ransomware deployment, or total system destruction. The unauthenticated nature of the attack vector makes this highly attractive to threat actors targeting AI-integrated infrastructure.

Remediation

Immediate Action: Upgrade the Langroid framework to version 0.65.2 or later immediately.

Proactive Monitoring: Monitor application logs for anomalous system calls or unexpected process execution patterns originating from the Langroid framework.

Compensating Controls: Deploy a Web Application Firewall (WAF) or input validation layer to inspect and sanitize prompts before they are processed by the LLM agents, though this is not a substitute for patching.

Exploitation status

Public Exploit Available: False

Analyst recommendation

The critical nature of this vulnerability, combined with the ease of exploitation, necessitates an immediate update to version 0.65.2. Organizations utilizing Langroid to process external LLM inputs must prioritize this remediation to prevent full system compromise.