GHSA-pmch-g965-grmr: Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read
Summary
Langroid's SQLChatAgent contains a security flaw where its `_validate_query` blocklist (a list of dangerous SQL patterns to reject) fails to block several PostgreSQL file-reading functions like `pg_read_file()` and `pg_ls_logdir()`. An attacker who can influence the SQL queries the AI generates (through direct input or by injecting instructions into data the AI reads) can exploit this to read arbitrary files from the database server, even when the agent is configured to only allow SELECT statements and forbid dangerous operations.
Solution / Mitigation
The source text does not explicitly describe a fix, patch, or version where this vulnerability was resolved. N/A -- no mitigation discussed in source.
Vulnerability Details
EPSS: 0.0%
Yes
July 2, 2026
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-pmch-g965-grmr
First tracked: July 2, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%