Tag
A high-severity vulnerability, CVE-2026-54771, in Langroid applications allows untrusted users to directly invoke internal tools via raw JSON payloads, even when these tools are configured not to be used by the LLM, enabling malicious actors to bypass security controls and execute sensitive operations like file read/write, database queries, or access to internal orchestration tools.