CVE-2026-54771
Received Received - Intake

Remote Code Execution in Langroid Framework

Vulnerability report for CVE-2026-54771, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: GitHub, Inc.

Description

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with `use=False, handle=True`. Version 0.65.3 fixes the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
langroid langroid to 0.65.3 (exc)
langroid langroid to 0.65.6 (inc)
langroid langroid 0.65.7

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-75 The product does not adequately filter user-controlled input for special elements with control implications.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-54771 is a vulnerability in the Langroid framework, specifically in versions up to 0.65.6. It occurs because the function that handles messages (`handle_message()`) executes user-supplied JSON tool commands without verifying whether the sender is trusted.

This means that untrusted users can send raw JSON payloads to invoke tools that were intended to be restricted (registered with `use=False, handle=True`). The system does not properly check if the message came from a trusted entity, allowing attackers to bypass restrictions.

As a result, attackers can execute arbitrary tools, potentially performing unauthorized actions such as reading or writing files, querying databases, or accessing internal tools.

The vulnerability was partially fixed in versions 0.65.3 to 0.65.6 but remained exploitable in some multi-agent scenarios. A complete fix was introduced in version 0.65.7.

Impact Analysis

This vulnerability can have serious impacts on the confidentiality and integrity of your system.

  • Attackers can execute arbitrary tools that may read or write files, potentially exposing or altering sensitive data.
  • Unauthorized database queries could be performed, leading to data leakage or corruption.
  • Access to internal tools could allow further exploitation or manipulation of the system.

The vulnerability does not impact availability but poses a high risk to data confidentiality and integrity, as reflected by its CVSS score of 8.1.

Detection Guidance

Detection of this vulnerability involves monitoring for unexpected or unauthorized execution of tools via raw JSON payloads sent as chat input to the Langroid application.

Specifically, you should look for chat messages containing raw tool JSON that bypasses the intended restrictions of tools registered with `use=False, handle=True`.

Since the vulnerability allows untrusted users to invoke tools without proper verification, network or application logs showing such JSON payloads or unusual tool invocations can indicate exploitation attempts.

  • Inspect application logs for chat inputs containing raw JSON tool invocation payloads.
  • Use network monitoring tools to capture and analyze traffic to the chat interface for suspicious JSON payloads.
  • If you have access to the Langroid environment, consider adding logging or debugging commands to trace calls to `handle_message()` and check the origin of messages.
Mitigation Strategies

The immediate mitigation step is to upgrade the Langroid framework to version 0.65.7 or later, where the vulnerability is fully fixed by implementing taint propagation to prevent handle-only tools from being triggered by untrusted user input.

If upgrading immediately is not possible, consider restricting access to the chat interface to trusted users only, or disabling tools registered with `use=False, handle=True` until a patch can be applied.

Additionally, review and harden any multi-agent setups to prevent laundering paths that could bypass partial fixes in versions 0.65.3 to 0.65.6.

Compliance Impact

This vulnerability allows untrusted users to execute arbitrary tools within the Langroid framework, potentially leading to unauthorized file read/write operations, database queries, or access to internal tools.

Such unauthorized access and manipulation of data can compromise confidentiality and integrity, which are critical requirements under common standards and regulations like GDPR and HIPAA.

Therefore, exploitation of this vulnerability could result in non-compliance with these regulations due to potential data breaches or unauthorized data handling.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54771. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart