๐Ÿ” CVE Alert

CVE-2026-54760

UNKNOWN 0.0

Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls

CVSS Score
0.0
EPSS Score
0.6%
EPSS Percentile
47th

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` SQL-injection mitigation, with default `allow_dangerous_operations=False`, combines a raw-text regex blocklist (`_DANGEROUS_SQL_PATTERNS`) with a `sqlglot` SELECT-only statement allowlist. The blocklist entries that target callable functions require the function name to be immediately followed by `\s*\(`. PostgreSQL accepts the same call with the name separated from `(` by a quoted identifier, an inline comment, or schema qualification. These forms evade the regex, still parse as `SELECT`, and execute the same PostgreSQL function. This restores the `pg_read_file` server-side file-read primitive that the prior CVE-2026-25879 / GHSA-pmch-g965-grmr fix was meant to block: the parent advisory fixed a missing `pg_read_file` blocklist entry, while this report shows that the added regex is bypassable. Version 0.65.1 fixes the issue.

CWE CWE-22 CWE-89
Vendor langroid
Product langroid
Published Jul 9, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for langroid langroid

Be the first to know when new unknown vulnerabilities affecting langroid langroid are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

langroid / langroid
< 0.65.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/langroid/langroid/security/advisories/GHSA-6xc5-4r68-67fc