Package: langroid (pip) Affected Versions: <= 0.59.31 Patched Versions: 0.59.32 Vulnerability: WAF Bypass Leading to RCE in TableChatAgent CVE ID: CVE-2026-25481 Severity: Critical (9.4/10) Affected Scope langroid <= 0.59.31 Vulnerability Description CVE-2025-46724: Fix bypass: TableChatAgent can call tool to evaluate the expression. There is a WAF in introduced to block code injection (CVE-2025-46724). However it can be bypassed due to returning instead of raising on invalid input, combined with unrestricted access to dangerous dunder attributes ( , , ). This allows chaining whitelisted DataFrame methods to leak the builtin and execute arbitrary code. Reproduction & PoC Gadget pandas_eval (langroid/agent/special/table_chat_agent.py:239) handle_tool_message (langroid/agent/base.py:2092) handle_message (langroid/agent/base.py:1744) agent_response (langroid/agent/base.py:760) response (langroid/agent/task.py:1584) step (langroid/agent/task.py:1261) run (langroid/agent/task.py:827) Security Impact Remote Code Execution (RCE) via tool. Attackers can execute arbitrary shell commands through controlled user input.