Vulnerability  ·  2026-07-11

Langroid SQLChatAgent — Regex Blocklist Bypass Enables Prompt-to-SQL-to-RCE (CVSS 8.7)

VulnerabilityHigh impactGlobalCVE-2026-50180
Langroid's SQLChatAgent ships a defense-in-depth _validate_query layer whose _DANGEROUS_SQL_PATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name, but the list is incomplete/bypassable, allowing LLM-generated SQL that reaches the underlying database engine's dangerous functions (e.g., file read/write, command execution extensions) to slip through.
This is the precursor defect class to the more severe Neo4jChatAgent Cypher-injection flaw (CVE-2026-55615) disclosed the same week, confirming a systemic pattern in Langroid's LLM-to-query agent designs where blocklist-based sanitization of LLM-generated queries is insufficiently robust against prompt injection.
Prompt injection causes LLM to generate SQL using dangerous database functions not covered by the incomplete regex blocklist
Langroid (pip package) SQLChatAgent < 0.64.0
Upgrade to Langroid ≥0.64.0
GitHub commit
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →