CVE-2026-54769 Google Chronicle · YARA-L

Detect CVE-2026-54769: Langroid TableChatAgent Sandbox Escape via eval() RCE in Google Chronicle

Detects exploitation of CVE-2026-54769, a critical sandbox escape vulnerability in Langroid's TableChatAgent component (versions <= 0.65.1). The incomplete eval() mitigation allows attackers to craft malicious inputs that escape the intended sandbox and achieve remote code execution on the host system. CVSS 10.0 with public PoC available.

MITRE ATT&CK

Tactic
Execution Privilege Escalation

YARA-L Detection Query

Google Chronicle (YARA-L)
yaral
rule CVE_2026_54769_Langroid_TableChatAgent_RCE {
  meta:
    author = "df00tech Detection Platform"
    description = "Detects CVE-2026-54769 exploitation - Langroid TableChatAgent eval() sandbox escape leading to RCE"
    severity = "CRITICAL"
    priority = "HIGH"
    reference = "https://github.com/langroid/langroid/security/advisories/GHSA-q9p7-wqxg-mrhc"
    cve = "CVE-2026-54769"
    mitre_attack = "T1059.006, T1203, T1190"

  events:
    // Pattern 1: HTTP request with eval() sandbox escape payload
    (
      $http.metadata.event_type = "NETWORK_HTTP"
      and (
        re.regex($http.network.http.target_url, `(?i)/(chat|agent|query|tablechat|ask)`)
        or re.regex($http.principal.url, `(?i)/(chat|agent|query|tablechat|ask)`)
      )
      and (
        re.regex($http.network.http.target_url, `(__import__|__builtins__|os\.system|subprocess|__subclasses__|__class__\.__mro__)`)
        or re.regex($http.network.http.request_body, `(__import__|__builtins__|os\.system|subprocess|__subclasses__|__class__\.__mro__)`)
      )
    )
    or
    // Pattern 2: Child process spawned from Python/Langroid process
    (
      $proc.metadata.event_type = "PROCESS_LAUNCH"
      and re.regex($proc.principal.process.file.full_path, `(?i)(python3?|uvicorn|gunicorn|fastapi)`)
      and (
        re.regex($proc.target.process.file.full_path, `(?i)/(bin/)?(bash|sh|dash|curl|wget|nc|ncat|python3?)$`)
        or re.regex($proc.target.process.command_line, `(?i)(-c\s|exec\(|import\s+os|subprocess|/bin/sh)`)
      )
    )

  condition:
    $http or $proc
}
critical severity medium confidence

Chronicle YARA-L rule detecting CVE-2026-54769 Langroid TableChatAgent exploitation via eval() bypass payloads in HTTP requests and subsequent RCE through suspicious child process spawning from Python web processes.

Data Sources

Chronicle UDMNetwork HTTP EventsProcess Launch Events

Required Tables

network_httpprocess_launch

False Positives & Tuning

  • Authorized penetration testing engagements against Langroid-based applications where testers use known PoC payloads
  • Python scripting frameworks that legitimately spawn bash or curl subprocesses for workflow automation from the same host
  • Development and staging environments where engineers test Langroid TableChatAgent with Python code as input
  • Security tooling that uses Python parent processes to invoke curl or wget for threat intelligence enrichment

Other platforms for CVE-2026-54769


Testing Methodology

Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1Langroid TableChatAgent eval() Basic Sandbox Escape via __import__

    Expected signal: Python process executing os.system() call; creation of /tmp/cve_2026_54769_poc.txt by the Python process; Syslog/auditd records showing system() syscall from python3 process

  2. Test 2Langroid TableChatAgent MRO Traversal Sandbox Escape for RCE

    Expected signal: Python process spawning subprocess.Popen with system commands; process tree showing python3 as parent of id/sh commands; auditd EXECVE records for child process

  3. Test 3CVE-2026-54769 HTTP API Exploitation Simulation with Reverse Shell Payload

    Expected signal: Outbound TCP connection from Python/uvicorn process to attacker IP:4444; bash process spawned as child of python3/uvicorn; network flow showing new connection to port 4444 from the Langroid server IP; HTTP access log entry with encoded payload in POST body

  4. Test 4Langroid Package Version Enumeration for CVE-2026-54769 Exposure Assessment

    Expected signal: pip command execution; find/grep commands scanning for requirements files; curl requests to application health/version endpoints; process enumeration via ps

Unlock Pro Content

Get the full detection package for CVE-2026-54769 including response playbook, investigation guide, and atomic red team tests.

Response PlaybookInvestigation GuideHunting QueriesAtomic Red Team TestsTuning Guidance

Related Detections