CVE-2026-55615
langroid · langroid
Langroid's Neo4jChatAgent is vulnerable to prompt injection, allowing attackers to execute arbitrary Cypher queries and potentially gain OS-level access if server configurations permit.
Executive summary
A critical injection vulnerability in the langroid framework allows attackers to execute arbitrary queries, leading to potential data destruction or remote code execution.
Vulnerability
The Neo4jChatAgent fails to validate LLM-generated Cypher queries (CWE-74), leaving the database susceptible to prompt injection. An attacker can manipulate these queries to read or destroy graph data, and potentially achieve OS-level command execution if APOC or dbms.security procedures are enabled.
Business impact
The CVSS score of 9.2 underscores the high risk of this vulnerability, which could lead to total compromise of the database and underlying server infrastructure. Unauthorized access to data or full system takeover could result in significant loss of intellectual property and severe operational disruption.
Remediation
Immediate Action: Upgrade the langroid framework to version 0.65.5 or later immediately.
Proactive Monitoring: Audit Neo4j database logs for unusual or unauthorized Cypher queries and monitor for suspicious OS-level process execution.
Compensating Controls: Restrict Neo4j database permissions to the minimum necessary and disable APOC or other dangerous procedures if they are not required for core functionality.
Exploitation status
Public Exploit Available: False
Analyst recommendation
This vulnerability represents a significant security risk for any application utilizing the langroid framework with Neo4j. Organizations must prioritize the update to version 0.65.5 to eliminate the injection vector and secure their database environment against unauthorized access and potential remote code execution.