Browse all 4 CVE security advisories affecting langroid. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Langroid is an AI framework for building language model applications, primarily used for developing conversational agents and text processing tools. Historically, it has been susceptible to remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from improper input validation and insecure deserialization. The framework's dynamic code execution capabilities have introduced additional risks, with privilege escalation occurring in certain configurations. While no major public incidents have been widely reported, the four documented CVEs highlight consistent patterns of insecure coding practices, particularly in how user-supplied data is handled and executed within the application's runtime environment.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25481 | Langroid has WAF Bypass Leading to RCE in TableChatAgent | langroid | CWE-94 | 9.1 (AI) | Critical (AI) | 2026-02-04 |
| CVE-2025-46725 | Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store | langroid | CWE-94 | 10.0 (AI) | Critical (AI) | 2025-05-20 |
| CVE-2025-46724 | Langroid has a Code Injection vulnerability in TableChatAgent | langroid | CWE-94 | 9.8 | Critical | 2025-05-20 |
| CVE-2025-46726 | Langroid Vulnerable to XXE Injection via XMLToolMessage | langroid | CWE-611 | 8.1 (AI) | High (AI) | 2025-05-05 |
This page lists every published CVE security advisory associated with langroid. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.