CVE-2026-50181
Received Received - Intake

Path Traversal in Langroid File Tools

Vulnerability report for CVE-2026-50181, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: GitHub, Inc.

Description

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's `ReadFileTool` and `WriteFileTool` appear to treat `curr_dir` as the intended working-directory boundary for file operations. However, the tools only change the process working directory to `curr_dir` and then operate on the user-supplied `file_path` without resolving and enforcing that the final path remains inside `curr_dir`. As a result, a tool caller can supply path traversal sequences such as `../secret.txt` to read files outside the configured current directory, or `../written_by_tool.txt` to write files outside that directory. This can impact applications that expose Langroid file tools to an LLM agent, user-controlled tool call, or delegated coding/documentation agent while relying on `curr_dir` to restrict file access to a project/workspace directory. Version 0.64.0 patches the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
langroid langroid 0.64.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-23 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-50181 is a path traversal vulnerability in the Langroid framework's file tools, specifically the ReadFileTool and WriteFileTool. These tools were designed to restrict file operations to a configured directory (curr_dir) by changing the process working directory to curr_dir. However, they did not properly validate or resolve user-supplied file paths to ensure they remained within curr_dir.

Because of this, an attacker could supply path traversal sequences like "../secret.txt" to read or write files outside the intended directory boundary. This means files outside the project or workspace directory could be accessed or modified, bypassing the intended security restrictions.

The issue was fixed by introducing a safe path resolution function that validates and enforces that file paths stay within the allowed directory, blocking attempts to escape via parent directory references, absolute paths, or symlinks.

Impact Analysis

This vulnerability can allow unauthorized reading or writing of files outside the intended project or workspace directory. An attacker or malicious agent could access sensitive files or modify critical files on the system by exploiting the path traversal flaw.

Applications that expose Langroid's file tools to large language model agents, user-controlled tool calls, or delegated coding/documentation agents are particularly at risk if they rely on curr_dir to restrict file access.

The impact includes potential exposure of confidential information and unauthorized modification of files, which can compromise the confidentiality and integrity of the system.

Detection Guidance

This vulnerability can be detected by testing whether the Langroid file tools (ReadFileTool, WriteFileTool, ListDirTool) improperly allow path traversal sequences such as "../" to access files outside the intended directory.

One approach is to attempt to read or write files using these tools with paths that include parent directory references or absolute paths and observe if the operations succeed outside the configured current directory.

Since the vulnerability involves path traversal, commands or test scripts can be constructed to invoke these tools with payloads like "../secret.txt" or absolute paths to check if unauthorized file access is possible.

Specifically, you can run tests that try to read or write files outside the workspace directory using the vulnerable tools and verify if such operations are blocked or allowed.

Mitigation Strategies

The immediate mitigation step is to upgrade Langroid to version 0.64.0 or later, where the vulnerability has been patched.

The patch introduces a safe path resolution function that validates and enforces that file operations remain within the configured directory, blocking path traversal attempts.

If upgrading is not immediately possible, ensure that any exposure of Langroid's file tools to untrusted users, LLM agents, or delegated code/documentation agents is restricted or disabled to prevent exploitation.

Additionally, review and implement path validation logic similar to the safe_resolve_path() function to prevent file operations outside the intended directory.

Compliance Impact

This vulnerability allows unauthorized reading and writing of files outside the intended directory, potentially exposing sensitive data or modifying critical files.

Such unauthorized access and modification can lead to violations of data protection regulations and standards like GDPR and HIPAA, which require strict controls over access to sensitive information.

Applications relying on Langroid's file tools to enforce directory boundaries may fail to adequately protect sensitive data, thereby impacting compliance with these regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50181. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart