Product
An authenticated remote code execution vulnerability (CVE-2026-54449) exists in LangBot versions up to and including 4.10.5, allowing any authenticated user to achieve arbitrary command execution by modifying the MCP Server Configuration to include a crafted STDIO MCP command, enabling system takeover, data exfiltration, or reverse shells on affected instances.