
SQL injection in pgvecto_rs and relyt vector store queries #33420

@mango766

Description


Found SQL injection vulnerabilities in the pgvecto_rs and relyt vector store implementations where user-controlled metadata values are interpolated directly into SQL queries via f-strings.

Affected files:

  • api/core/rag/datasource/vdb/pgvecto_rs/pgvecto_rs.py: get_ids_by_metadata_field() and text_exists()
  • api/core/rag/datasource/vdb/relyt/relyt_vector.py: get_ids_by_metadata_field(), delete_by_ids(), and text_exists()

Example (pgvecto_rs.py):

select_statement = sql_text(f"SELECT id FROM {self._collection_name} WHERE meta->>'{key}' = '{value}'; ")

The key and value parameters are directly interpolated without parameterization. If document metadata contains specially crafted values, this allows arbitrary SQL execution.

Suggested fix: Use SQLAlchemy text() bind parameters:

select_statement = sql_text(f"SELECT id FROM {self._collection_name} WHERE meta->>:key = :value")
result = session.execute(select_statement, {"key": key, "value": value})
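The following runnable example is added here and is not code from the report or from the project. It reproduces the two query styles side by side with the standard-library sqlite3 driver so it runs offline: SQLite's json_extract(meta, '$.key') stands in for Postgres' meta->>'key', the table name embeddings and the sample rows are constructed, and the rest of the project's code (sessions, collection names) is left out. The point it shows is that with f-string interpolation a metadata value containing a quote rewrites the WHERE clause, while with bind parameters the same value is only ever compared as data.

```python
import sqlite3

# Constructed sample rows: each embedding stores its metadata as a JSON document.
SAMPLE_ROWS = [
    ("vec-1", '{"document_id": "doc-A", "source": "a.pdf"}'),
    ("vec-2", '{"document_id": "doc-B", "source": "b.pdf"}'),
    ("vec-3", '{"document_id": "doc-C", "source": "c.pdf"}'),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory table shaped like a minimal vector-store collection."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE embeddings (id TEXT PRIMARY KEY, meta TEXT NOT NULL)")
    conn.executemany("INSERT INTO embeddings VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def get_ids_interpolated(conn: sqlite3.Connection, key: str, value: str) -> list[str]:
    """Mirrors the reported pattern: key and value are spliced into the SQL text.

    Any quote character in `value` (or `key`) becomes part of the statement,
    so a caller who controls metadata also controls the query structure.
    """
    sql = (
        f"SELECT id FROM embeddings "
        f"WHERE json_extract(meta, '$.{key}') = '{value}' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def get_ids_parameterized(conn: sqlite3.Connection, key: str, value: str) -> list[str]:
    """Hardened form: key and value travel as bind parameters, never as SQL text.

    The JSON path is built inside SQL from a literal prefix and the bound key,
    so neither argument can alter the statement's shape.
    """
    sql = (
        "SELECT id FROM embeddings "
        "WHERE json_extract(meta, '$.' || :key) = :value ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql, {"key": key, "value": value})]


# Constructed metadata value of the kind the report warns about: it contains
# a quote followed by a tautology, so it is only meaningful if interpolated.
TAUTOLOGY_VALUE = "doc-A' OR '1'='1"


def compare(value: str) -> dict[str, list[str]]:
    """Run both lookups for the same document_id value and return their results."""
    conn = make_db()
    try:
        return {
            "interpolated": get_ids_interpolated(conn, "document_id", value),
            "parameterized": get_ids_parameterized(conn, "document_id", value),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # A benign lookup behaves the same either way.
    print("benign:   ", compare("doc-A"))
    # The crafted value widens the interpolated query to every row; the
    # parameterized query simply finds no document with that literal id.
    print("tautology:", compare(TAUTOLOGY_VALUE))
```

One caveat the suggested fix leaves open: bind parameters cover values (and, for the JSON path, the key), but not identifiers. The collection name in `FROM {self._collection_name}` cannot be bound by any driver, so it still has to be validated against an allow-list or quoted with the dialect's identifier quoting before being interpolated.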

Labels: 👻 feat:rag (Embedding related issue, like qdrant, weaviate, milvus, vector database.)