CVE-2025-46726
Severity: CRITICAL | WAF: High
CVSS: 9.1
Published: 2025-05-05
CWE-611
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, an LLM application that uses the `XMLToolMessage` class may process untrusted XML input, which could result in denial of service (DoS) and/or disclosure of local files containing sensitive information (XML External Entity, CWE-611). Version 0.53.4 fixes the issue.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| langroid | langroid | up to 0.53.4 |
References
- github.com (Product)
- github.com (Patch)
- github.com (Exploit, Vendor Advisory)