216.73.216.215

CVE-2025-46726

· Published 05/05/2025 20:15 · Modified 05/05/2025 20:54

Labels: CVE-2025-46726 2025-05-05CVE-2025-46726CWE-611[email protected]

Essential information

Published
05/05/2025 20:15
Modified
05/05/2025 20:54
Author
Creator
CVSS
7.8 HIGH (v3) 7.8 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging `XMLToolMessage` class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Version 0.53.4 fixes the issue.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
langroid / langroid cpe:2.3:a:langroid:langroid:<0.53.4:*:*:*:*:*:*:*

References