What happened
Langroid's SQLChatAgent ships a defense-in-depth _validate_query layer whose _DANGEROUS_SQL_PATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name, but the list is incomplete/bypassable, allowing LLM-generated SQL that reaches the underlying database engine's dangerous functions (e.g., file read/write, command execution extensions) to slip through.
Why it matters
This is the precursor defect class to the more severe Neo4jChatAgent Cypher-injection flaw (CVE-2026-55615) disclosed the same week, confirming a systemic pattern in Langroid's LLM-to-query agent designs where blocklist-based sanitization of LLM-generated queries is insufficiently robust against prompt injection.
Attack vector
Prompt injection causes LLM to generate SQL using dangerous database functions not covered by the incomplete regex blocklist
Affected systems
Langroid (pip package) SQLChatAgent < 0.64.0
Mitigation
Upgrade to Langroid ≥0.64.0