{"data":{"id":"fcb610fa-a5cf-4dbf-a3cf-60a372a488b1","title":"GHSA-q9p7-wqxg-mrhc: Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent","summary":"Langroid's TableChatAgent and VectorStore have a critical vulnerability where they use Python's `eval()` function to execute code generated by the AI, but fail to properly sandbox it. Even though they pass an empty dictionary for local variables, Python automatically includes built-in functions like `__import__()` in the execution environment, allowing an attacker to run arbitrary commands on the host system through prompt injection (tricking the AI into generating malicious code).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-q9p7-wqxg-mrhc","publishedAt":"2026-07-06T20:42:00.000Z","cveId":"CVE-2026-54769","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":["langroid@<= 0.65.1 (fixed: 0.65.2)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["Langroid"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-07-06T20:42:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0051"]}}