PatchSiren

langchain4j CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH langchain4j CVE published 2026-07-10

CVE-2026-55405

LangChain4j, a Java library for building LLM-powered applications, had a vulnerability prior to versions 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26. The issue allowed SQL injection attacks through crafted metadata keys in EmbeddingSearchRequest.filter(), enabling data exfiltration, denial of service, and row deletion. This vulnerability was particularly concerning for applications utilizi [truncated]