HIGH
langchain4j
CVE published 2026-07-10
CVE-2026-55405
LangChain4j, a Java library for building LLM-powered applications, had a vulnerability prior to versions 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26. The issue allowed SQL injection attacks through crafted metadata keys in EmbeddingSearchRequest.filter(), enabling data exfiltration, denial of service, and row deletion. This vulnerability was particularly concerning for applications utilizi [truncated]