{"data":{"id":"25b29257-6e61-442a-9fe2-ab6a884a2df0","title":"GHSA-fg23-3346-88f5: Langroid: Path traversal in the file tools allows read/write outside configured current directory","summary":"Langroid's ReadFileTool and WriteFileTool have a path traversal vulnerability (a security flaw where attackers use sequences like ../ to access files outside intended boundaries) because they only change the working directory but don't validate that file paths stay within the configured curr_dir (current directory) boundary. An attacker can use paths like ../secret.txt to read or write files outside the intended sandbox directory, potentially compromising applications that rely on curr_dir to restrict file access.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-fg23-3346-88f5","publishedAt":"2026-07-02T17:38:03.000Z","cveId":"CVE-2026-50181","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":["langroid@<= 0.63.0 (fixed: 0.64.0)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["Langroid"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-07-02T17:38:03.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}