GHSA-6xc5-4r68-67fc: Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls
Summary
Langroid's SQLChatAgent has a security flaw in its dangerous-function blocklist, which uses a regex pattern (a rule for matching text) to block dangerous PostgreSQL functions like pg_read_file. However, attackers can bypass this blocklist by writing the function name in quoted form, adding comments, or using schema-qualified names (like pg_catalog."pg_read_file"), because PostgreSQL accepts all these variations but the regex only checks for the function name directly followed by an opening parenthesis. This means the earlier fix that tried to block file-reading functions doesn't actually work.
Vulnerability Details
EPSS: 0.0%
Yes
July 6, 2026
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-6xc5-4r68-67fc
First tracked: July 6, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%