GHSA-2mfg-cc43-9pcj: LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector
Summary
LangChain4j's MariaDB and pgvector embedding stores are vulnerable to SQL injection (an attack in which attacker-controlled input is interpreted as SQL code) because metadata filter keys were not properly escaped before being concatenated into SQL queries. An attacker who can control the filter keys used in search or remove operations could inject arbitrary SQL to steal data, cause a denial of service, or delete rows from the database.
Solution / Mitigation
Fixed in langchain4j-mariadb and langchain4j-pgvector version 1.16.3-beta26. The patch properly escapes JSON filter keys before embedding them in SQL string literals (doubling single quotes for PostgreSQL and escaping backslash and single quote for MariaDB), escapes backslash and single quote in MariaDB string values, and validates or quotes column-mode keys as identifiers instead of concatenating them as raw SQL.
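The escaping rules described above, shown as an added Java example. This is not LangChain4j's own code: the class, method names, the `metadata` column name and the JSON path layout are assumptions made here to illustrate the three parts of the fix (doubling single quotes for PostgreSQL literals, escaping backslash and single quote for MariaDB literals, and validating or quoting column-mode keys as identifiers instead of concatenating them).

```java
import java.util.regex.Pattern;

/**
 * Hypothetical helper (not LangChain4j code) demonstrating the fixes the advisory describes:
 * escape a metadata key before placing it inside a SQL string literal, and validate or quote
 * a key that is used as a column identifier. Column and path names are assumed.
 */
public final class MetadataFilterKeyEscaping {

    // Column-mode keys are only accepted as plain identifiers.
    private static final Pattern SAFE_IDENTIFIER = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");

    private MetadataFilterKeyEscaping() {}

    /** PostgreSQL string literal body: a single quote is escaped by doubling it. */
    static String escapePgLiteral(String raw) {
        return raw.replace("'", "''");
    }

    /** MariaDB string literal body: backslash is itself an escape character, so it is escaped first. */
    static String escapeMariaDbLiteral(String raw) {
        return raw.replace("\\", "\\\\").replace("'", "\\'");
    }

    /** JSON-mode filter expression for pgvector (assumed layout): metadata->>'key'. */
    static String pgJsonKeyExpression(String key) {
        return "metadata->>'" + escapePgLiteral(key) + "'";
    }

    /** JSON-mode filter expression for MariaDB (assumed layout): JSON_VALUE(metadata, '$.key'). */
    static String mariaDbJsonKeyExpression(String key) {
        return "JSON_VALUE(metadata, '$." + escapeMariaDbLiteral(key) + "')";
    }

    /** Column mode, option 1: reject anything that is not a plain identifier. */
    static String validatedColumn(String key) {
        if (!SAFE_IDENTIFIER.matcher(key).matches()) {
            throw new IllegalArgumentException("metadata key is not a valid column identifier: " + key);
        }
        return key;
    }

    /** Column mode, option 2 (PostgreSQL): quote the identifier, doubling embedded double quotes. */
    static String quotedPgColumn(String key) {
        return "\"" + key.replace("\"", "\"\"") + "\"";
    }

    /** Column mode, option 2 (MariaDB): quote the identifier with backticks, doubling embedded backticks. */
    static String quotedMariaDbColumn(String key) {
        return "`" + key.replace("`", "``") + "`";
    }

    public static void main(String[] args) {
        // Constructed key containing a single quote, the character raw concatenation breaks on.
        String key = "user's_region";

        // Pre-fix pattern: the key is dropped into the literal as-is and the quote ends it early.
        System.out.println("unsafe : metadata->>'" + key + "' = ?");

        // Fixed forms: the whole key stays inside one literal.
        System.out.println("pg     : " + pgJsonKeyExpression(key) + " = ?");
        System.out.println("mariadb: " + mariaDbJsonKeyExpression(key) + " = ?");

        // Column mode: quoting keeps the key usable as an identifier; validation rejects it outright.
        System.out.println("pg col : " + quotedPgColumn(key));
        System.out.println("mdb col: " + quotedMariaDbColumn(key));
        try {
            validatedColumn(key);
        } catch (IllegalArgumentException e) {
            System.out.println("reject : " + e.getMessage());
        }
    }
}
```

Escaping is what the advisory's patch does; where the JDBC driver and query shape allow it, binding the key as a parameter (for example `metadata->>?` in PostgreSQL) avoids building the literal in Java at all. Identifiers cannot be bound as parameters, which is why column-mode keys need validation or quoting rather than binding.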
Vulnerability Details
EPSS: 0.0%
June 17, 2026
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-2mfg-cc43-9pcj
First tracked: June 17, 2026 at 08:00 PM