HomeCVE Intelligence › CVE-2026-54771
CVSS 8.1 HIGH Vulnerability

CVE-2026-54771: Langroid: handle_message() executes user-supplied tool JSON without sender verification

Summary A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Details enable_message(...,…

8.1CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-54771
Vendorpip
Affected Productlangroid
Vulnerability TypeVulnerability
CVSS Score8.1 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

#

Summary A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True.

Details enable_message(..., use=False, handle=True) only prevents the LLM from being instructed to generate the tool. The tool dispatch path in agent_response()handle_message()get_tool_messages() does not check whether the message originated from Entity.USER or Entity.LLM: langroid/agent/base.py As a result, a user who sends raw tool JSON as chat input can directly invoke the handler.

PoC The following script demonstrates that a tool registered with use=False, handle=True can still be invoked directly by a user-supplied chat message. ```python

from langroid.agent.chat_ag

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-54771 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence