CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-50181

highpublic exploitCVSS 7.1covered by 2 sourcesfirst seen 2026-07-02
Public exploit code is available. Proof-of-concept or working exploit code for CVE-2026-50181 is indexed in GitHub PoC. Expect opportunistic scanning and exploitation attempts — prioritize remediation even though it is not (yet) in the CISA KEV catalog.
Summary Langroid's ReadFileTool and WriteFileTool appear to treat curr_dir as the intended working-directory boundary for file operations. However, the tools only change the process working directory to curr_dir and then operate on the user-supplied file_path without resolving and enforcing that the final path remains inside curr_dir. As a result, a tool caller can supply path traversal sequences such as ../secret.txt to read files outside the configured current directory, or ../written_by_tool.txt to write files outside that directory. This can impact applications that expose Langroid file tools to an LLM agent, user-controlled tool call, or delegated coding/documentation agent while relying on curr_dir to restrict file access to a project/workspace directory. Details Affected components: - langroid/agent/tools/file_tools.py - langroid/utils/system.py Relevant behavior observed: ReadFileTool contains a comment indicating the intended assumption: ASSUME: file_path should be relative to the curr_dir The tool then changes into the configured current directory and calls read_file(self.file_path). WriteFileTool similarly resolves curr_dir, changes into that directory, and calls create_file(self.file_path, self.content). The issue is that changing the process working directory does not prevent traversal. A path such as ../secret.txt is still valid and resolves outside the configured curr_dir. In local testing, ReadFileTool successfully read a file outside the configured sandbox directory, and WriteFileTool successfully wrote a file outside the configured sandbox directory. PoC Tested locally against the current Langroid repository checkout. Environment: Python 3.12 Langroid installed in editable mode with pip install -e . PoC script: from pathlib import Path from tempfile import TemporaryDirectory import os os.environ["docker"] = "false" os.environ["DOCKER"] = "false" from langroid.agent.tools.file_tools impo

⚡ Watch CVE-2026-50181

Get an email if CVE-2026-50181 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Exploit availability

Public exploit or proof-of-concept code for CVE-2026-50181 is indexed in these free datasets. Available exploit code raises real-world risk independent of the CVSS score.

Advisory coverage (2)

External references

NVD record for CVE-2026-50181

CVE.org record

Embed the live status

CVE-2026-50181 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-50181 status](https://www.csirts.com/badge/CVE-2026-50181)](https://www.csirts.com/cve/CVE-2026-50181)