EXECUTIVE SUMMARY:
CVE-2026-25879 (CVSS 9.8) is a critical vulnerability in the Langroid package, affecting versions earlier than 0.63.0. It allows SQL injection and subsequent remote code execution (RCE) through improper neutralization of special elements used in an SQL command. The SQLChatAgent executes SQL produced by a large language model (LLM), and that output can be influenced by prompt injection. When the agent is configured with a database role whose privileges enable code execution or filesystem access, an attacker who can shape the agent's input can coerce execution of dialect-specific primitives. Exploitation works by injecting malicious SQL into the LLM's input; it requires access to the database and the ability to influence the LLM's output, potentially through indirect means such as data returned to the LLM. A successful attacker can execute arbitrary system commands, exfiltrate sensitive data, modify or delete critical database contents, and pivot to further compromise the infrastructure. The business impact is significant: unauthorized access, data breaches, and disruption of critical systems, particularly in environments where the database server has elevated privileges. Because exploitation depends on specific conditions (a database role with code execution or filesystem access privileges, and the ability to influence the LLM's input), this is a targeted but highly impactful threat.
RECOMMENDATION:
We recommend updating Langroid to version 0.63.0.
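As an added example (not Langroid's code or its fix), here is a pre-execution filter for LLM-produced SQL that addresses the condition described in the summary: it admits only a single comment-free SELECT/WITH statement and rejects a few dialect functions that reach the filesystem or OS. The function name, denylist and sample queries are assumptions constructed here; the denylist is not exhaustive, so the agent's database role should still lack code-execution and file-access privileges.

```python
import re

# Illustrative, non-exhaustive names of dialect features that reach the
# filesystem or the OS. Least privilege on the role is the real control.
DENYLIST = {
    "pg_read_file", "pg_read_binary_file", "lo_import", "lo_export",  # PostgreSQL
    "load_file", "outfile", "dumpfile",  # MySQL
    "load_extension",  # SQLite
    "xp_cmdshell",  # SQL Server
}
ALLOWED_FIRST = {"select", "with"}

# One left-to-right pass: a quoted literal, or the opener of a comment.
_SCAN = re.compile(r"'(?:[^']|'')*'|--|/\*")


def check_llm_sql(sql: str) -> tuple[bool, str]:
    """Return (allowed, reason) for one LLM-produced SQL string."""
    # Comments are refused outright: some dialects execute text inside
    # them, and they can hide a second statement from a naive scanner.
    if any(not m.startswith("'") for m in _SCAN.findall(sql)):
        return False, "comments are not allowed"
    # Blank out literals so quoted data cannot trigger or mask a match.
    body = _SCAN.sub("''", sql).strip().rstrip(";").strip()
    if not body:
        return False, "empty statement"
    if ";" in body:
        return False, "multiple statements"
    tokens = re.findall(r"[a-z_][a-z0-9_]*", body.lower())
    if not tokens or tokens[0] not in ALLOWED_FIRST:
        return False, "only SELECT/WITH queries are allowed"
    hit = DENYLIST.intersection(tokens)
    if hit:
        return False, "denied identifier: " + sorted(hit)[0]
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample queries, not taken from the advisory.
    for q in ("SELECT name FROM users WHERE note = 'see -- docs'",
              "SELECT 1; DELETE FROM users",
              "SELECT pg_read_file('placeholder.txt')"):
        print(check_llm_sql(q), "<-", q)
```

A filter like this is a defense-in-depth layer in front of the database call; it fails closed on anything it does not recognize as a plain read query.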
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-mxfr-6hcw-j9rq