Product
Langroid is vulnerable to a critical Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` components when `full_eval=True` due to CVE-2026-54769; the `eval()` function fails to properly scrub `__builtins__` from `globals`, allowing attackers to inject `__import__('os').system()` calls via crafted prompt payloads, leading to unauthenticated RCE, unauthorized data access, or system compromise on the host running the Langroid agent.