PatchDayAlert
Daily Digest · 2 min read · 5 CVEs · Issue 58 By PatchDayAlert

Langroid scores a perfect 10 RCE, plus two Juniper DoS bugs that crash your firewall

Langroid's broken eval() sandbox gives attackers full code execution (CVE-2026-54769, CVSS 10.0). A guardrails-detectors SSRF can steal cloud credentials (CVSS 9.3). Two Juniper SRX/MX flaws let a single packet crash flowd if SIP ALG or TCP proxy is active.

Patch now
2
Within 24h
0
This week
3
Exploited
0
Juniper Junos OSJuniper MX SeriesJuniper SRX SeriesNetwork ApplianceJuniper Junos OS EvolvedGuardrails DetectorsCloudLinuxLangroidWindowsMacOS

Five today, two of them ugly. Langroid's TableChatAgent has a CVSS 10.0 sandbox escape that gives an attacker full remote code execution on the host, no auth needed. Right behind it, a CVSS 9.3 blind SSRF in guardrails-detectors can leak cloud credentials from metadata endpoints. The remaining three are Juniper denial-of-service bugs that can take your SRX or MX offline with a single packet.


Today's CVEs

Sorted by urgency

02

CVE-2026-57023

NVD
7.5
CVSS
Patch this week HIGH
Juniper Junos OSJuniper MX SeriesJuniper SRX SeriesNetwork Appliance

An unauthenticated attacker can crash the flow processing daemon on Juniper MX (with SPC3) and SRX devices by sending a TCP packet with a malformed header through any session where TCP proxy is active. TCP proxy kicks in for ALGs, Advanced Anti-Malware, ICAP, and UTM, so if you use any of those features, you're exposed. The box goes fully offline until it recovers on its own.

Affected estate
Anyone running Juniper SRX or MX with SPC3 on Junos OS 23.4R1 or later who uses TCP proxy features (ALGs, anti-malware, ICAP, or UTM)
How to check
Run 'show version' and confirm your release is 23.4R1 or later. Check if TCP proxy is engaged by reviewing your security policy for ALG, UTM, ICAP, or anti-malware configurations.
Included because
unauthenticated; network-based; common perimeter device; DoS with full service outage
Action
Upgrade to the fixed Junos OS release for your train.
Why it matters
A single malformed TCP packet can cause a full outage on your perimeter firewall or router.
Source
Juniper Networks advisory

Evidence trail

03

CVE-2026-57028

NVD
7.3
CVSS
Patch this week HIGH
Juniper Junos OS EvolvedNetwork Appliance

A process on Junos OS Evolved that should only be reachable internally is accidentally exposed on a network-facing port due to a bad initialization. An unauthenticated attacker can reach it over the network and mess with your device's license management, potentially exhausting licenses and degrading functionality.

Affected estate
Anyone running Juniper Junos OS Evolved before 23.2R2-EVO
How to check
Run 'show version' and confirm the Junos OS Evolved release is below 23.2R2-EVO.
Included because
unauthenticated; network-accessible; incorrect network exposure of internal service
Action
Upgrade to Junos OS Evolved 23.2R2-EVO or later.
Why it matters
An exposed internal service lets unauthenticated attackers tamper with licensing, which can silently degrade device capabilities.
Source
Juniper Networks advisory

Evidence trail

04

CVE-2026-15378

NVD
9.3
CVSS
Patch now CRITICAL
Guardrails DetectorsCloudLinux

A blind SSRF bug in the guardrails-detectors component lets a remote attacker submit a crafted XSD string and use the server as a proxy to reach internal services. That means they can pull credentials from cloud metadata endpoints (like the AWS IMDSv1 169.254.169.254 path), hit the Kubernetes API, read MinIO secrets, or grab service account tokens off the local filesystem. CVSS 9.3, and no authentication is required.

Affected estate
Teams running guardrails-detectors in any environment, especially Kubernetes or cloud deployments with accessible metadata services
How to check
Check the installed version of the guardrails-detectors package or container image. Verify whether the XSD parsing endpoint is reachable from untrusted networks.
Included because
unauthenticated; network-based; CVSS 9.3; credential theft via SSRF; cloud and Kubernetes exposure
Action
Update guardrails-detectors to the latest patched release and enforce network policies to block outbound SSRF targets.
Why it matters
An attacker can steal cloud credentials, Kubernetes tokens, and internal secrets without authenticating.
Source
Red Hat / NVD advisory

Evidence trail

05

CVE-2026-54769

NVD
10.0
CVSS
Patch now CRITICAL
LangroidLinuxWindowsMacOS

Langroid's TableChatAgent and VectorStore features try to sandbox LLM-generated code by passing empty locals to Python's eval(), but they never scrub __builtins__. That means an attacker who can influence the LLM prompt can escape the sandbox and run arbitrary commands on the host. This is full unauthenticated remote code execution, CVSS 10.0. If your Langroid app processes any external input, you're exposed.

Affected estate
Anyone running Langroid applications before version 0.65.2 that use TableChatAgent or VectorStore with full_eval enabled
How to check
Run 'pip show langroid' and check the version. Search your codebase for 'full_eval=True', 'TableChatAgent', or 'VectorStore' usage.
Included because
unauthenticated; remote code execution; CVSS 10.0; sandbox escape; LLM-powered apps process external input
Action
Upgrade Langroid to 0.65.2 or later via pip.
Why it matters
Anyone who can feed input to your LLM agent can run arbitrary system commands on the host with no authentication.
Source
GitHub advisory / NVD

Evidence trail


One email, every Wednesday morning.

Subscribe