GHSA-mxfr-6hcw-j9rq: Langroid has Prompt to SQL Injection, Leading to RCE
Summary
Langroid versions before 0.63.0 have a vulnerability where SQLChatAgent (a tool that lets an AI execute SQL queries) can be tricked through prompt injection (hiding malicious instructions in input data) into running dangerous SQL commands. If the database is configured with elevated privileges, an attacker can achieve RCE (remote code execution, where an attacker runs commands on a system they don't own) on the database server, potentially stealing or deleting data.
Solution / Mitigation
Fixed in v0.63.0 by defaulting SQLChatAgent to a SELECT-only sqlglot-parsed statement allowlist (a list of approved SQL operations) with a dialect-aware dangerous-pattern blocklist. Users can restore the previous unrestricted behavior by setting allow_dangerous_operations=True, but only for trusted deployments.
Vulnerability Details
EPSS: 0.0%
Yes
May 27, 2026
Classification
Taxonomy References
Affected Vendors
Affected Packages
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-mxfr-6hcw-j9rq
First tracked: May 27, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%