SQL Injection in Langroid

CVE-2026-54760

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` SQL-injection mitigation, with default `allow_dangerous_operations=False`, combines a raw-text regex blocklist (`_D…

Vulnerability class: Path Traversal (Directory Traversal)

Affected products

Weakness classification (CWE)

References