SQL Injection in Langroid
CVE-2026-54760
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` SQL-injection mitigation, with default `allow_dangerous_operations=False`, combines a raw-text regex blocklist (`_D…
Vulnerability class: Path Traversal (Directory Traversal)
Affected products
- Langroid — versions < 0.65.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)