CVE-2024-8309

CRITICAL LAB

langchain-ai/langchain <0.2.5 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-8309. PoCs published by liadlevy.

AI-analyzed exploit summary This repository demonstrates a proof-of-concept for CVE-2024-8309, a prompt injection vulnerability in Langchain's `GraphCypherQAChain` class that allows SQL injection in Neo4j databases. The PoC includes a backend (FastAPI) and frontend (Streamlit) to interact with Neo4j, showcasing how malicious Cypher queries can be executed.

Description

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.

Exploits (1)

nomisec WORKING POC 3 stars

by liadlevy · poc

https://github.com/liadlevy/CVE-2024-8309

View Code ZIP pw:eip

This repository demonstrates a proof-of-concept for CVE-2024-8309, a prompt injection vulnerability in Langchain's `GraphCypherQAChain` class that allows SQL injection in Neo4j databases. The PoC includes a backend (FastAPI) and frontend (Streamlit) to interact with Neo4j, showcasing how malicious Cypher queries can be executed.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Langchain (GraphCypherQAChain) with Neo4j

No auth needed

Prerequisites: Access to a vulnerable Langchain setup with Neo4j integration · Ability to send crafted queries to the API endpoint

MITRE ATT&CK

T1505 - Server Software Component T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch

https://github.com/langchain-ai/langchain/commit/c2a3021bb0c5f54649d380b42a0684ca5778c255

View Patch ZIP pw:eip

Exploit, Third Party Advisory

https://huntr.com/bounties/8f4ad910-7fdc-4089-8f0a-b5df5f32e7c5

Scores

CVSS v3 9.8

EPSS 0.0200

EPSS Percentile 84.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Lab Environment

COMMUNITY

Community Lab

docker pull neo4j:5.3

https://github.com/liadlevy/CVE-2024-8309

https://github.com/langchain-ai/langchain

View in Library

Details

CWE

CWE-74 CWE-89

Status published

Products (3)

langchain/langchain 0.2.5

pypi/langchain 0 - 0.2.0PyPI

pypi/langchain-community 0.2.0 - 0.2.19PyPI

Published Oct 29, 2024

Tracked Since Feb 18, 2026