LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method
Attackers who control metadata filter keys can execute arbitrary sql queries against the database.
Advisories for Pypi/Langgraph-Checkpoint-Sqlite package
2025
LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method
Attackers who control metadata filter keys can execute arbitrary sql queries against the database.
LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore
LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls.
LangGraph's SQLite store implementation has a SQL Injection Vulnerability
A SQL injection vulnerability exists in the langchain-ai/langgraph repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators ($eq, $ne, $gt, $lt, $gte, $lte) where direct string concatenation is used without proper parameterization. This allows attackers to inject arbitrary SQL, leading to unauthorized access to all documents, data exfiltration of sensitive fields such as passwords and API …