CVE-2026-55615

langroid · langroid

Langroid's Neo4jChatAgent is vulnerable to prompt injection, allowing attackers to execute arbitrary Cypher queries and potentially gain OS-level access if server configurations permit.

Executive summary

A critical injection vulnerability in the langroid framework allows attackers to execute arbitrary queries, leading to potential data destruction or remote code execution.

Vulnerability

The Neo4jChatAgent fails to validate LLM-generated Cypher queries (CWE-74), leaving the database susceptible to prompt injection. An attacker can manipulate these queries to read or destroy graph data, and potentially achieve OS-level command execution if APOC or dbms.security procedures are enabled.

Business impact

The CVSS score of 9.2 underscores the high risk of this vulnerability, which could lead to total compromise of the database and underlying server infrastructure. Unauthorized access to data or full system takeover could result in significant loss of intellectual property and severe operational disruption.

Remediation

Immediate Action: Upgrade the langroid framework to version 0.65.5 or later immediately.

Proactive Monitoring: Audit Neo4j database logs for unusual or unauthorized Cypher queries and monitor for suspicious OS-level process execution.

Compensating Controls: Restrict Neo4j database permissions to the minimum necessary and disable APOC or other dangerous procedures if they are not required for core functionality.

Exploitation status

Public Exploit Available: False

Analyst recommendation

This vulnerability represents a significant security risk for any application utilizing the langroid framework with Neo4j. Organizations must prioritize the update to version 0.65.5 to eliminate the injection vector and secure their database environment against unauthorized access and potential remote code execution.