3 vulnerabilities across 1 product scored HIGH or above on July 10, 2026.
- π HIGH: 3
π [HIGH] langroid/langroid
3 CVEs | CVSS 3.1: 10.0 | AAS 11.2
cpe:2.3:a:langroid:langroid:*:*:*:*:*:*:*:*
Langroid β Critical Sandbox Escape and Remote Code Execution
Langroid, an open-source framework for building LLM-powered applications, is affected by 3 vulnerabilities including at least one rated CVSS 10.0. The most severe issue involves a sandbox escape in the TableChatAgent and VectorStore components, where LLM-generated tool messages evaluated with full_eval=True can bypass the incomplete sandboxing of Python’s eval() function, leading to remote code execution. Organizations using Langroid to build AI-powered agents or data pipelines should treat this as critical, as exploitation is feasible and could allow full system compromise. Teams should upgrade to version 0.65.2 or later immediately and review the vendor advisory at the linked GitHub Security Advisory for additional details on all three vulnerabilities.
- π CVE-2026-54769 (CVSS 3.1: 10.0)
- π CVE-2026-55615 (CVSS 4.0: 9.2)
- π CVE-2026-54760 (CVSS 4.0: 9.3)