Critical CVSS 9.1

Overview

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, an LLM application that uses the `XMLToolMessage` class may parse untrusted XML input (for example a tool call emitted by the model, or content injected into the prompt) that could result in a denial of service and/or the exposure of local files containing sensitive information. These two outcomes are the classic consequences of feeding attacker-controlled XML to a parser that expands nested entity definitions (an entity-expansion or "billion laughs" attack) and resolves external entities (XXE), so XML produced by the model or derived from user content must be treated as untrusted. Version 0.53.4 fixes the issue.

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.1 (CRITICAL)
  • Detected tags: dos (tag impact: LOW). The automatically detected tag covers only the availability impact; the disclosure of local files is the confidentiality impact, and together they account for the critical score.

Recommended actions:

  • Upgrade Langroid to version 0.53.4 or later, which fixes the issue.
  • Until the upgrade is in place, parse any XML that originates from the model or from user-supplied content with a parser configured to reject DOCTYPE declarations, entity definitions and external entity references, and cap the size of document it accepts.
  • Rate limiting, resource quotas and circuit breakers around the tool-calling loop limit the blast radius of the denial-of-service half of the issue; they do not prevent file disclosure, so they complement rather than replace the upgrade.
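As an added example (not Langroid's code and not the 0.53.4 fix), the following Python shows how XML arriving from an untrusted source can be parsed so that the two outcomes described in the overview, entity-expansion denial of service and file disclosure through external entities, are refused before any expansion happens. It uses only the standard library; `MAX_XML_BYTES`, the function names and the sample documents are assumptions for illustration.

```python
"""Hardened parsing of an XML tool message using only the standard library."""
import xml.etree.ElementTree as ET
from xml.parsers import expat

MAX_XML_BYTES = 64 * 1024  # assumed cap; size this for your application's tool calls


class UnsafeXMLError(ValueError):
    """Raised when the document uses a construct we refuse to process."""


def _forbid_doctype(doctype_name, system_id, public_id, has_internal_subset):
    # A DOCTYPE is where entities (and therefore expansion bombs and XXE) are declared.
    raise UnsafeXMLError(f"DOCTYPE {doctype_name!r} not allowed")


def _forbid_entity_decl(entity_name, is_parameter_entity, value, base,
                        system_id, public_id, notation_name):
    # Belt and braces: reached only if a DOCTYPE somehow got past the handler above.
    raise UnsafeXMLError(f"entity declaration {entity_name!r} not allowed")


def _forbid_external_entity(context, base, system_id, public_id):
    # Refuse to fetch anything from the filesystem or network on the parser's behalf.
    raise UnsafeXMLError(f"external entity {system_id!r} not allowed")


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source (the model or user content) into an Element."""
    if len(data) > MAX_XML_BYTES:
        raise UnsafeXMLError(f"document of {len(data)} bytes exceeds limit")
    parser = expat.ParserCreate()
    builder = ET.TreeBuilder()  # turns expat events into an ElementTree
    parser.buffer_text = True
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    # Exceptions raised in these handlers propagate out of Parse(), aborting the parse.
    parser.StartDoctypeDeclHandler = _forbid_doctype
    parser.EntityDeclHandler = _forbid_entity_decl
    parser.ExternalEntityRefHandler = _forbid_external_entity
    parser.Parse(data, True)
    return builder.close()


def check_tool_message(data: bytes):
    """Return ("ok", root) or ("rejected", reason) for a candidate tool message."""
    try:
        return "ok", parse_untrusted_xml(data)
    except UnsafeXMLError as exc:
        return "rejected", str(exc)
    except expat.ExpatError as exc:
        return "rejected", f"malformed XML: {exc}"


# Constructed sample documents (not taken from any real Langroid exchange).
BENIGN = b"<tool><name>web_search</name><query>latest CVEs</query></tool>"
ENTITY_BOMB = (
    b'<?xml version="1.0"?><!DOCTYPE lolz [<!ENTITY lol "lol">'
    b'<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
    b'<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">'
    b"]><lolz>&lol3;</lolz>"
)
XXE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b"<foo>&xxe;</foo>"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("entity bomb", ENTITY_BOMB), ("xxe", XXE)):
        status, detail = check_tool_message(doc)
        shown = ET.tostring(detail, encoding="unicode") if status == "ok" else detail
        print(f"{label:12s} -> {status}: {shown}")
```

Both hostile documents are rejected at the DOCTYPE, before any entity is defined or expanded, and an undeclared entity reference without a DOCTYPE fails as malformed XML rather than being resolved. In production the same handler setup is what the `defusedxml` package provides around `xml.etree`; the point of writing it out here is to show which parser hooks matter.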
