CVE-2026-25481

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandas_eval tool to evaluate the expression. There is a WAF in langroid/utils/pandas_utils.py introduced to block code injection CVE-2025-46724. However it can be bypassed due to _literal_ok() returning False instead of raising UnsafeCommandError on invalid input, combined with unrestricted access to dangerous dunder attributes (__init__, __globals__, __builtins__). This allows chaining whitelisted DataFrame methods to leak the eval builtin and execute arbitrary code. This issue has been patched in version 0.59.32.

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/langroid/langroid/commit/30abbc1a854dee22fbd2f8b2f575dfdabdb603ea	Patch
https://github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj	Vendor Advisory
https://github.com/langroid/langroid/security/advisories/GHSA-x34r-63hx-w57f	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:langroid:langroid:*:*:*:*:*:*:*:*

History

20 Feb 2026, 21:20

Type	Values Removed	Values Added
First Time		Langroid langroid Langroid
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.6
CPE		cpe:2.3:a:langroid:langroid::::::::
Summary		(es) Langroid es un framework para construir aplicaciones impulsadas por modelos de lenguaje grandes. Antes de la versión 0.59.32, existe un bypass para la corrección de CVE-2025-46724. TableChatAgent puede llamar a la herramienta pandas_eval para evaluar la expresión. Existe un WAF en langroid/utils/pandas_utils.py introducido para bloquear la inyección de código CVE-2025-46724. Sin embargo, puede ser evadido debido a que _literal_ok() devuelve False en lugar de lanzar UnsafeCommandError en una entrada inválida, combinado con el acceso sin restricciones a atributos dunder peligrosos (__init__, __globals__, __builtins__). Esto permite encadenar métodos de DataFrame en lista blanca para filtrar el builtin eval y ejecutar código arbitrario. Este problema ha sido parcheado en la versión 0.59.32.
References	~~() https://github.com/langroid/langroid/commit/30abbc1a854dee22fbd2f8b2f575dfdabdb603ea -~~	() https://github.com/langroid/langroid/commit/30abbc1a854dee22fbd2f8b2f575dfdabdb603ea - Patch
References	~~() https://github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj -~~	() https://github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj - Vendor Advisory
References	~~() https://github.com/langroid/langroid/security/advisories/GHSA-x34r-63hx-w57f -~~	() https://github.com/langroid/langroid/security/advisories/GHSA-x34r-63hx-w57f - Exploit, Vendor Advisory

04 Feb 2026, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-04 20:16

Updated : 2026-02-20 21:20

NVD link : CVE-2026-25481

Mitre link : CVE-2026-25481

CVE.ORG link : CVE-2026-25481

JSON object : View

Products Affected

langroid

langroid

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

9.6 /10