<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Langroid (&lt;= 0.63.0) - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/langroid--0.63.0/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 03 Jul 2026 12:11:45 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/langroid--0.63.0/feed.xml" rel="self" type="application/rss+xml"/><item><title>Langroid File Tools Path Traversal Vulnerability (CVE-2026-50181)</title><link>https://feed.craftedsignal.io/briefs/2026-07-langroid-path-traversal/</link><pubDate>Fri, 03 Jul 2026 12:11:45 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-langroid-path-traversal/</guid><description>A path traversal vulnerability (CVE-2026-50181) exists in Langroid's `ReadFileTool` and `WriteFileTool` components (versions &lt;= 0.63.0), allowing an attacker to read or write arbitrary files outside the configured `curr_dir` via crafted `file_path` arguments, potentially leading to sensitive information disclosure or unauthorized file modification in applications exposing these tools to user or LLM input.</description><content:encoded><![CDATA[<p>A significant path traversal vulnerability, tracked as CVE-2026-50181, has been identified in Langroid's <code>ReadFileTool</code> and <code>WriteFileTool</code> components, affecting all versions up to and including 0.63.0. The vulnerability stems from the tools' failure to properly validate and enforce path boundaries after changing the process working directory to a <code>curr_dir</code> (current directory). While the tools intend to restrict file operations to this <code>curr_dir</code>, they do not resolve the user-supplied <code>file_path</code> to ensure it remains within this boundary. This oversight allows an attacker to use path traversal sequences, such as <code>../</code>, within the <code>file_path</code> argument to access files located outside the intended <code>curr_dir</code>. The impact is particularly critical for applications that expose these file tools to user-controlled input, Large Language Model (LLM) agents, or delegated coding/documentation agents, as it can lead to unauthorized reading of sensitive files (e.g., secrets, configuration files) or modification of arbitrary files, compromising data confidentiality and integrity. The issue is present in <code>langroid/agent/tools/file_tools.py</code> and <code>langroid/utils/system.py</code>.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Identify Vulnerable Application:</strong> An attacker identifies an application that integrates Langroid and exposes its <code>ReadFileTool</code> or <code>WriteFileTool</code> in a way that allows user-controlled input to influence the <code>file_path</code> argument (e.g., via an LLM agent interface or a user-facing API).</li>
<li><strong>Craft Malicious Path:</strong> The attacker crafts a <code>file_path</code> argument containing path traversal sequences, such as <code>../</code>, to reference a file outside the intended sandbox or working directory (e.g., <code>../etc/passwd</code> for reading, or <code>../malicious_script.sh</code> for writing).</li>
<li><strong>Invoke Vulnerable Tool:</strong> The attacker sends the crafted <code>file_path</code> as input to the application, which then passes it directly to an instance of <code>ReadFileTool</code> or <code>WriteFileTool</code>.</li>
<li><strong>Directory Change (Internal):</strong> Internally, the Langroid tool changes the process's current working directory to the configured <code>curr_dir</code> (e.g., <code>/var/app/sandbox/</code>).</li>
<li><strong>Unvalidated Path Resolution:</strong> The tool then proceeds to open or create the file using the provided <code>file_path</code> argument. Due to the lack of proper validation, the <code>../</code> sequences are honored, causing the path to resolve outside the <code>curr_dir</code> (e.g., <code>/var/etc/passwd</code>).</li>
<li><strong>Execute Unauthorized File Operation:</strong> The Langroid tool performs the requested operation (read or write) on the arbitrarily resolved file path outside the intended boundary.</li>
<li><strong>Information Disclosure / Data Modification:</strong> If <code>ReadFileTool</code> was used, the contents of the sensitive file are disclosed to the attacker. If <code>WriteFileTool</code> was used, the attacker can modify or create arbitrary files, potentially leading to further compromise, persistence, or data integrity violations.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>This vulnerability can severely impact applications that enable Langroid's file tools and rely on the <code>curr_dir</code> parameter to establish a secure sandbox, project, or workspace boundary. If exploited, an attacker can read files outside the intended workspace, leading to the exposure of sensitive local secrets, configuration files, source code, environment files, or other critical project-adjacent data. Conversely, by exploiting <code>WriteFileTool</code>, an attacker could modify or create arbitrary files outside the designated project directory, which could lead to code injection, defacement, or disruption of services. The severity of the impact is contingent on how the Langroid file tools are exposed and the nature of the application's file system structure.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li><strong>Patch CVE-2026-50181:</strong> Upgrade the Langroid library to a version patched for CVE-2026-50181 immediately.</li>
<li><strong>Implement Path Validation:</strong> For applications using Langroid file tools, implement robust path validation logic before passing any user-controlled or LLM-generated <code>file_path</code> arguments to <code>ReadFileTool</code> or <code>WriteFileTool</code>. Ensure all resolved paths remain strictly within the intended <code>curr_dir</code>.</li>
<li><strong>Review <code>curr_dir</code> Usage:</strong> Audit all instances where <code>ReadFileTool</code> and <code>WriteFileTool</code> are used, verifying that the <code>curr_dir</code> is correctly configured and that no sensitive files are reachable via path traversal from this directory.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>path-traversal</category><category>python-library</category><category>vulnerability</category><category>llm-agent</category></item></channel></rss>