CNNVD-202602-582 Information
CNNVD ID
CNNVD-202602-582
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
Langroid是Langroid开源的一个利用多代理编程开发LLM的工具。 Langroid 0.59.32之前版本存在代码注入漏洞,该漏洞源于TableChatAgent调用pandas_eval工具时存在绕过,可能导致执行任意代码。
Description (English)
Langroid is a tool for the development of LLM using a multi-agent programming source in Langroid. There was a code-infusion loophole in the previous version of Langroid 0.59.32, which originated in a circumvention of the TableChatAgent call to the pandas eval tool, which could lead to the implementation of any code.
Hazard Level
High
Vulnerability Type
代码注入
Affected Vendor
Langroid
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/langroid/langroid/commit/30abbc1a854dee22fbd2f8b2f575dfdabdb603ea https://github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj https://github.com/langroid/langroid/security/advisories/GHSA-x34r-63hx-w57f
Patch
https://langroid.github.io/langroid/
Share on: