CVE-2026-54771
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Version 0.65.3 fixes the issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| langroid | langroid | < 0.65.3 | affected |
Weaknesses
- CWE-75: CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.