High severity | LangChain SQLDatabaseChain, SQL agents (create_sql_agent)

The agent or chain executes destructive SQL such as DROP TABLE from seemingly innocent prompts; for example, db_chain.run("Drop the employee table") drops the table. Errors or data loss occur unexpectedly from user inputs. [GitHub Issue #5923](https://github.com/langchain-ai/langchain/issues/5923)

Root cause

SQLDatabaseChain (and similar agent tools) executed raw, unvalidated SQL queries that the LLM generated from natural-language prompts. Malicious prompts tricked the LLM into generating harmful SQL (e.g., "Drop the employee table"), so a prompt injection attack resulted in arbitrary SQL execution. [GitHub Issue #5923](https://github.com/langchain-ai/langchain/issues/5923)
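The root cause above can be contained at the database layer, so that model-generated SQL is refused by the engine regardless of what the prompt asked for. The following is an added example, not LangChain code or code from the issue: it uses Python's standard sqlite3 module with an in-memory database, and the table contents, the generated SQL strings and all function names are constructed for illustration.

```python
import sqlite3

# Constructed stand-ins for SQL text an LLM might return for a user prompt.
GENERATED_BENIGN = "SELECT name FROM employee WHERE dept = 'eng'"
GENERATED_DESTRUCTIVE = "DROP TABLE employee"
GENERATED_STACKED = "SELECT 1; DROP TABLE employee"

# Authorizer action codes a plain read needs; every other action is denied.
READ_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}

def read_only_authorizer(action, arg1, arg2, db_name, source):
    """SQLite calls this while compiling a statement, before anything runs."""
    return sqlite3.SQLITE_OK if action in READ_ACTIONS else sqlite3.SQLITE_DENY

def make_db(guarded):
    """Build the sample database, then optionally restrict the connection to reads."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (name TEXT, dept TEXT)")
    conn.executemany("INSERT INTO employee VALUES (?, ?)",
                     [("ada", "eng"), ("bob", "ops")])
    conn.commit()
    if guarded:
        conn.set_authorizer(read_only_authorizer)
    return conn

def run_generated_sql(conn, sql):
    """Execute model-generated SQL; return rows, or None if the engine refused it."""
    try:
        return conn.execute(sql).fetchall()
    except (sqlite3.Error, sqlite3.Warning):
        # Denied by the authorizer, or the string held more than one statement.
        return None

def table_exists(conn, name):
    query = "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?"
    return conn.execute(query, (name,)).fetchone() is not None

def demo():
    unguarded, guarded = make_db(False), make_db(True)
    run_generated_sql(unguarded, GENERATED_DESTRUCTIVE)  # behaviour from the issue
    return {
        "unguarded_table_survives": table_exists(unguarded, "employee"),
        "guarded_benign": run_generated_sql(guarded, GENERATED_BENIGN),
        "guarded_drop": run_generated_sql(guarded, GENERATED_DESTRUCTIVE),
        "guarded_stacked": run_generated_sql(guarded, GENERATED_STACKED),
        "guarded_table_survives": table_exists(guarded, "employee"),
    }
```

On a server database the same control is a dedicated account that holds only read privileges on the tables the chain needs.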

LangChain, SQLDatabaseChain, SQLAgent, prompt injection, SQL injection, CVE-2023-36189

Citations

[GitHub Issue #5923](https://github.com/langchain-ai/langchain/issues/5923) (high severity | Agentifact Bug Library)