cvedb.io
CVE-2025-46724
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-05-20T18:15:46.430 · Last modified 2026-06-17T09:26:52.803

Summary

Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes input to `TableChatAgent` by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.

Affected products

langroid — langroid

Does this affect you?

Add your gear to cvedb and we'll alert you only when langroid ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.