Summary A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Details enable_message(...,…
| CVE ID | CVE-2026-54771 |
| Vendor | pip |
| Affected Product | langroid |
| Vulnerability Type | Vulnerability |
| CVSS Score | 8.1 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory → |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
#
use=False, handle=True.enable_message(..., use=False, handle=True) only prevents the LLM from being instructed to generate the tool. The tool dispatch path in agent_response() → handle_message() → get_tool_messages() does not check whether the message originated from Entity.USER or Entity.LLM: langroid/agent/base.py As a result, a user who sends raw tool JSON as chat input can directly invoke the handler.use=False, handle=True can still be invoked directly by a user-supplied chat message. ```pythonfrom langroid.agent.chat_ag
Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.