Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-25879: Langroid SQL Injection Allows Remote Code Execution
GHSA-mxfr-6hcw-j9rq
CVE-2026-25879
Summary
Langroid versions prior to 0.63.0 are vulnerable to SQL injection, which can allow an attacker to execute code on the database host. This can be prevented by updating to the latest version of Langroid. If you cannot update, consider restricting the database role's privileges to prevent code execution or filesystem access.
What to do
- Update langroid to version 0.63.0.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| pip | – | langroid |
< 0.63.0 Fix: upgrade to 0.63.0
|
Original title
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. Wh...
Original description
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access (e.g., PostgreSQL pg_execute_server_program, MySQL FILE, MSSQL xp_cmdshell), an attacker who can shape the agent's input — including indirectly via data returned to the LLM — can coerce execution of dialect-specific primitives such as `COPY ... FROM PROGRAM`, achieving RCE on the database host. Fixed in v0.63.0 by defaulting SQLChatAgent to a SELECT-only sqlglot-parsed statement allowlist with a dialect-aware dangerous-pattern blocklist; allow_dangerous_operations=True restores the previous unrestricted behavior for trusted deployments.
ghsa CVSS3.1
9.8
Vulnerability type
CWE-89
SQL Injection
CWE-94
Code Injection
Published: 1 Jun 2026 · Updated: 2 Jun 2026 · First seen: 27 May 2026