CVE-2026-55405
LangChain4j contains a SQL injection vulnerability in the embedding stores for MariaDB and pgvector. Prior to versions 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, metadata filter keys (and, for MariaDB, some string values) are concatenated directly into SQL in EmbeddingSearchRequ...