CVE-2023-32785 in LangChain
Summary
by MITRE • 10/25/2023
In Langchain through 0.0.155, prompt injection allows execution of arbitrary code against the SQL service provided by the chain.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 06/05/2026
This vulnerability exists within the Langchain framework version 0.0.155 and earlier, where improper input validation in prompt handling mechanisms creates a prompt injection attack vector that can lead to arbitrary code execution against SQL services. The flaw stems from insufficient sanitization of user-provided input that flows into database queries, allowing malicious actors to inject SQL commands through crafted prompts. When Langchain processes these prompts, it fails to properly escape or parameterize the input before passing it to underlying SQL services, creating a direct path for command injection attacks. This vulnerability aligns with CWE-94, which describes improper control of generation of code, and specifically manifests as CWE-89, representing SQL injection. The attack surface extends beyond simple data retrieval to potentially allow full database compromise, including data exfiltration, modification of sensitive records, and privilege escalation within the database environment. The operational impact is significant as it undermines the integrity and confidentiality of database operations, potentially exposing sensitive information and allowing attackers to manipulate the underlying data store. Attackers leveraging this vulnerability can execute arbitrary SQL commands with the privileges of the database user account that Langchain employs for its database connections. This represents a critical security risk in environments where Langchain interfaces with sensitive data repositories, particularly in applications handling personal identifiable information or financial data. The vulnerability is particularly concerning in automated systems where user input flows directly into prompt templates without proper validation. Organizations using Langchain versions prior to 0.0.156 should immediately implement mitigations including input sanitization, parameterized queries, and strict access controls for database connections. The ATT&CK framework categorizes this as a code injection technique under T1059, specifically targeting database systems through command execution. Additionally, this vulnerability demonstrates the importance of secure input handling in AI and machine learning frameworks, where prompt engineering processes must account for potential malicious input that could compromise backend services. The risk is amplified when Langchain is deployed in multi-tenant environments or systems where different users share database connections, as a single compromised prompt could affect multiple database users or roles. Security teams should implement comprehensive monitoring for unusual database query patterns and consider implementing web application firewalls to detect and block suspicious SQL injection attempts. The vulnerability highlights the need for robust security practices in AI application development, emphasizing that even seemingly benign components like prompt handling can create critical attack vectors when proper input validation is omitted.