{"data":{"id":"6e83adb8-c96c-4418-8ad4-d3b89ff2619d","title":"GHSA-mxfr-6hcw-j9rq: Langroid has Prompt to SQL Injection, Leading to RCE","summary":"Langroid versions before 0.63.0 have a vulnerability where SQLChatAgent (a tool that lets an AI execute SQL queries) can be tricked through prompt injection (hiding malicious instructions in input data) into running dangerous SQL commands. If the database is configured with elevated privileges, an attacker can achieve RCE (remote code execution, where an attacker runs commands on a system they do not control) on the database server, potentially stealing or deleting data.","solution":"Fixed in v0.63.0 by defaulting SQLChatAgent to a SELECT-only sqlglot-parsed statement allowlist (a list of approved SQL operations) with a dialect-aware dangerous-pattern blocklist. Users can restore the previous unrestricted behavior by setting allow_dangerous_operations=True; this should be done only in trusted deployments.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-mxfr-6hcw-j9rq","publishedAt":"2026-05-27T19:38:58.000Z","cveId":"CVE-2026-25879","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":["langroid@< 0.63.0 (fixed: 0.63.0)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["Langroid","OpenAI","DeepSeek"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-27T19:38:58.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0051"]}}