Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-55615— Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

AI Predicted 9.8 Difficulty: Easy EPSS 0.46% · P37

Affected Version Matrix 1

VendorProductVersion RangeStatus
langroidlangroid< 0.65.5affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-55615

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879
Source: NVD (National Vulnerability Database)
Vulnerability Description
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection (direct user input or indirect content the agent reads back via RAG), so an attacker who can influence the prompt can read or destroy all graph data and, when APOC or dbms.security procedures are enabled on the server, achieve OS-command and filesystem access. This is the same defect class and threat model as the SQLChatAgent prompt-to-SQL-to-RCE issue fixed in version 0.63.0 (CVE-2026-25879); that fix did not extend to the neo4j module. Version 0.65.5 contains a fix for the neo4j module.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
langroidlangroid < 0.65.5 -

II. Public POCs for CVE-2026-55615

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-55615

登录查看更多情报信息。

Patches & Fixes for CVE-2026-55615 (1)

Vendor Advisories for CVE-2026-55615 (1)

Same Patch Batch · langroid · 2026-07-09 · 6 CVEs total

CVE-2026-5476910.0 CRITICALLangroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in Ta
CVE-2026-547718.1 HIGHLangroid: handle_message() executes user-supplied tool JSON without sender verification
CVE-2026-501817.1 HIGHLangroid: Path traversal in the file tools allows read/write outside configured current di
CVE-2026-54760Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-
CVE-2026-50180Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbit

IV. Related Vulnerabilities

V. Comments for CVE-2026-55615

No comments yet


Leave a comment