CVE-2025-9959 — Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order to — CVE Database · The Intelligence Room