Share
## https://sploitus.com/exploit?id=507D6F79-85AB-571F-9A40-CE5CED70E2AD
# CVE-2026-50181

Langroid path traversal in file tools allowed read/write outside the configured current directory.

**Primary advisory:** [GHSA-fg23-3346-88f5](https://github.com/langroid/langroid/security/advisories/GHSA-fg23-3346-88f5)  
**GitHub advisory database:** [github.com/advisories/GHSA-fg23-3346-88f5](https://github.com/advisories/GHSA-fg23-3346-88f5)  
**Researcher credit:** [@chaitanyagarware](https://github.com/chaitanyagarware)

## At a Glance

| Field | Value |
| --- | --- |
| CVE | `CVE-2026-50181` |
| GHSA | `GHSA-fg23-3346-88f5` |
| Project | `langroid/langroid` |
| Package | `langroid` |
| Ecosystem | pip |
| Severity | High |
| CVSS | 7.1, `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N` |
| Weaknesses | `CWE-22`, `CWE-23` |
| Published | Repository advisory: 2026-05-28; GitHub advisory database: 2026-07-02 |
| NVD status | No record returned as of 2026-07-09 |
| CVE.org status | CVE Services API returned no record as of 2026-07-09 |

## Summary

Langroid's `ReadFileTool` and `WriteFileTool` treated `curr_dir` as a working-directory boundary, but the tools changed the process working directory and then used user-controlled file paths without enforcing that the final resolved path stayed inside the configured directory.

In applications that expose Langroid file tools to an agent, delegated workflow, or user-controlled tool call, this could allow reads or writes outside the intended project/workspace directory.

## Affected Versions

| Package | Affected |
| --- | --- |
| `langroid` | `<= 0.63.0` |

## Fixed Versions

The repository advisory lists no known patched version. The GitHub advisory database later associated the issue with `0.64.0` as a patched version. Treat the upstream advisory as the primary source if this changes.

## Public Database Coverage

| Source | Status | Link |
| --- | --- | --- |
| GitHub repository advisory | Published | [GHSA-fg23-3346-88f5](https://github.com/langroid/langroid/security/advisories/GHSA-fg23-3346-88f5) |
| GitHub Advisory Database | Published | [Global advisory](https://github.com/advisories/GHSA-fg23-3346-88f5) |
| GitHub Advisory Database repository | Present | [advisory-database JSON](https://github.com/github/advisory-database/tree/main/advisories/github-reviewed/2026/07/GHSA-fg23-3346-88f5) |
| NVD | Not indexed yet | [NVD detail](https://nvd.nist.gov/vuln/detail/CVE-2026-50181) |
| CVE.org | Not indexed yet | [CVE detail](https://vulners.com/cve/CVE-2026-50181) |

## Additional Public Mentions Found

- `Tabll/gemnasium-db` includes a `pypi/langroid/CVE-2026-50181.yml` entry.
- `opencve/opencve-kb` includes a `2026/CVE-2026-50181.json` entry.
- `cyberdudebivash/cyberdudebivash-blog` has generated HTML/posts for `CVE-2026-50181`.
- `RogoLabs/consensus-engine` includes a data file for this CVE.
- `Agent-Threat-Rule/agent-threat-rules` includes a proposal for `GHSA-fg23-3346-88f5`.

## Disclosure Note

This repository is a public index and portfolio landing page. It intentionally summarizes the vulnerability and links to authoritative records instead of copying full proof-of-concept exploit scripts.