# Context A SQL injection vulnerability exists in LangGraph's SQLite checkpoint implementation that allows attackers to manipulate SQL queries through metadata filter keys. This affects applications that accept **untrusted metadata filter keys** (not just filter values) in checkpoint search operations. # Impact Attackers who control metadata filter keys can execute arbitrary sql queries against the database. # Root Cause The `_metadata_predicate()` function constructs SQL queries by interpolating filter keys directly into f-strings without validation: ```python # VULNERABLE CODE (before fix) …
GHSA-9rwj-6rc7-p77c: LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method
LangGraph's SQLite checkpoint implementation is vulnerable to SQL injection via untrusted metadata filter keys, allowing arbitrary SQL query execution.