CVE-2026-54769

CVE-2026-54769: Langroid TableChatAgent Sandbox Escape via eval() RCE

Execution Privilege Escalation Last updated:

Detects exploitation of CVE-2026-54769, a critical sandbox escape vulnerability in Langroid's TableChatAgent component (versions <= 0.65.1). The incomplete eval() mitigation allows attackers to craft malicious inputs that escape the intended sandbox and achieve remote code execution on the host system. CVSS 10.0 with public PoC available.

Vulnerability Intelligence

Public PoC

Affected Software

Vendor
pip
Product
langroid
Versions
<= 0.65.1

Weakness (CWE)

Timeline

Disclosed
July 6, 2026

CVSS

10.0
Critical (9.0–10)
Read the write-up →

What is CVE-2026-54769 CVE-2026-54769: Langroid TableChatAgent Sandbox Escape via eval() RCE?

CVE-2026-54769: Langroid TableChatAgent Sandbox Escape via eval() RCE (CVE-2026-54769) maps to the Execution and Privilege Escalation tactics — the adversary is trying to run malicious code in MITRE ATT&CK.

This page provides production-ready detection logic for CVE-2026-54769: Langroid TableChatAgent Sandbox Escape via eval() RCE, covering the data sources and telemetry it touches: AzureDiagnostics, CommonSecurityLog, Syslog, SecurityEvent. The queries below are rated critical severity at medium confidence, and ship for 7 SIEM platforms — KQL, SPL, Elastic, QRadar, Sumo, YARA-L, LogScale.

MITRE ATT&CK

Tactic
Execution Privilege Escalation
Microsoft Sentinel / Defender
kusto
let LangroidRCEIndicators = dynamic(['__import__', '__builtins__', 'os.system', 'subprocess', 'eval(', 'exec(', '__class__.__mro__', '__subclasses__', 'open(', 'importlib']);
let SuspiciousCommands = dynamic(['curl', 'wget', 'nc ', 'bash', 'sh -c', 'python -c', 'cmd.exe', 'powershell']);
union
(
  AzureDiagnostics
  | where ResourceProvider == "MICROSOFT.WEB" or Category == "AppServiceHTTPLogs"
  | where csUriStem has_any ("/chat", "/agent", "/query", "/ask")
  | where csUriQuery has_any (LangroidRCEIndicators)
  | project TimeGenerated, Resource, csUriStem, csUriQuery, csMethod, scStatus, clientIp_s
),
(
  CommonSecurityLog
  | where DeviceVendor == "Python" or ApplicationProtocol == "HTTP"
  | where RequestURL has_any ("/chat", "/agent", "/query")
  | where Message has_any (LangroidRCEIndicators)
  | project TimeGenerated, DeviceAddress, RequestURL, Message, DestinationIP
),
(
  Syslog
  | where ProcessName in ("python", "python3", "uvicorn", "gunicorn", "fastapi")
  | where SyslogMessage has_any (LangroidRCEIndicators)
  | project TimeGenerated, HostName, ProcessName, SyslogMessage
),
(
  SecurityEvent
  | where EventID in (4688, 4689)
  | where ParentProcessName has_any ("python.exe", "python3.exe", "uvicorn.exe")
  | where CommandLine has_any (SuspiciousCommands)
  | project TimeGenerated, Computer, Account, ParentProcessName, NewProcessName, CommandLine
)
| extend ThreatIndicator = "CVE-2026-54769-Langroid-RCE"
| order by TimeGenerated desc

Detects HTTP requests containing eval() sandbox escape payloads targeting Langroid TableChatAgent endpoints, and child process spawning from Python/Langroid processes indicative of successful RCE exploitation.

critical severity medium confidence

Data Sources

AzureDiagnostics CommonSecurityLog Syslog SecurityEvent

Required Tables

AzureDiagnostics CommonSecurityLog Syslog SecurityEvent

False Positives

  • Legitimate Python development or testing using eval() in unrelated applications hosted on the same infrastructure
  • Security researchers or red team operators conducting authorized testing of Langroid deployments
  • Automated integration tests that invoke TableChatAgent with complex query strings containing Python-like syntax
  • Logging pipelines that capture and forward raw user input containing programming keywords

Sigma rule & cross-platform mapping

The detection logic for CVE-2026-54769: Langroid TableChatAgent Sandbox Escape via eval() RCE (CVE-2026-54769) above is provided in a vendor-neutral form so you can deploy it on any SIEM. The same logic is shipped here as native KQL (Microsoft Sentinel / Defender), SPL (Splunk), Elastic (Elastic Security (EQL)), QRadar (IBM QRadar (AQL)), Sumo (Sumo Logic CSE), YARA-L (Google Chronicle / SecOps), LogScale (CrowdStrike LogScale (CQL)) queries. In Sigma terms, this detection targets the following logsource:

logsource:
  product: azure

Browse the community-maintained Sigma rules for this technique:


Testing Methodology

Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1Langroid TableChatAgent eval() Basic Sandbox Escape via __import__

    Expected signal: Python process executing os.system() call; creation of /tmp/cve_2026_54769_poc.txt by the Python process; Syslog/auditd records showing system() syscall from python3 process

  2. Test 2Langroid TableChatAgent MRO Traversal Sandbox Escape for RCE

    Expected signal: Python process spawning subprocess.Popen with system commands; process tree showing python3 as parent of id/sh commands; auditd EXECVE records for child process

  3. Test 3CVE-2026-54769 HTTP API Exploitation Simulation with Reverse Shell Payload

    Expected signal: Outbound TCP connection from Python/uvicorn process to attacker IP:4444; bash process spawned as child of python3/uvicorn; network flow showing new connection to port 4444 from the Langroid server IP; HTTP access log entry with encoded payload in POST body

  4. Test 4Langroid Package Version Enumeration for CVE-2026-54769 Exposure Assessment

    Expected signal: pip command execution; find/grep commands scanning for requirements files; curl requests to application health/version endpoints; process enumeration via ps

Unlock Pro Content

Get the full detection package for CVE-2026-54769 including response playbook, investigation guide, and atomic red team tests.

Response PlaybookInvestigation GuideHunting QueriesAtomic Red Team TestsTuning Guidance

Related Detections