CVE-2025-46726

Summary

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Version 0.53.4 fixes the issue.

Affected Software

VendorProductVersion RangeStatus
langroidlangroid< 0.53.4affected

Weaknesses

  • CWE-611: CWE-611: Improper Restriction of XML External Entity Reference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References