CVE-2026-55405
Received Received - Intake

SQL Injection in LangChain4j Embedding Stores

Vulnerability report for CVE-2026-55405, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: GitHub, Inc.

Description

LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys, and in MariaDB string values, directly into the query without adequate escaping. A crafted metadata key in EmbeddingSearchRequest.filter() can break out of its SQL context and inject arbitrary SQL into the statements executed by the stores' search and removeAll(Filter) operations, enabling blind data exfiltration, denial of service via sleep functions, and deletion of arbitrary rows through removeAll(Filter). This issue is fixed in langchain4j-mariadb and langchain4j-pgvector versions 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-11
AI Q&A
2026-07-11
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in LangChain4j, a Java library for building LLM-powered applications. Before certain fixed versions, the MariaDB and pgvector embedding stores constructed metadata-filter SQL queries by directly concatenating filter keys and string values without proper escaping. This improper handling allows a crafted metadata key in EmbeddingSearchRequest.filter() to break out of its SQL context and inject arbitrary SQL commands.

As a result, attackers can perform blind data exfiltration, cause denial of service by using sleep functions, or delete arbitrary rows through the removeAll(Filter) operation.

Impact Analysis

This vulnerability can have serious impacts including unauthorized data exposure, denial of service, and data loss. Specifically, an attacker can exfiltrate sensitive data without detection, disrupt service availability by causing delays or crashes, and delete arbitrary data rows, potentially leading to data integrity issues.

Mitigation Strategies

To mitigate this vulnerability, upgrade langchain4j-mariadb and langchain4j-pgvector to versions 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, or 1.16.3-beta26 or later, where the issue is fixed.

Compliance Impact

The vulnerability allows SQL injection through metadata keys, which can lead to blind data exfiltration, denial of service, and deletion of arbitrary rows in the database.

Such unauthorized data access and manipulation could potentially violate data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.

Therefore, if exploited, this vulnerability could compromise compliance with these standards by exposing or altering protected data.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55405. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart