Lucene search
K

115 matches found

Snyk
Snyk
added 2026/07/05 12:28 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a key collision in the defaultcachekey and freeze functions of langgraph/internal/cache.py, where freeze reduce...

4.2CVSS6AI score0.0016EPSS
Exploits0References2
NVD
NVD
added 2026/07/05 11:16 a.m.10 views

CVE-2026-14742

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS0.0016EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/05 10:45 a.m.8 views

EUVD-2026-41747

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS5AI score0.0016EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/05 10:45 a.m.40 views

CVE-2026-14742 langchain-ai langgraph Task Result Cache _cache.py _freeze weak hash

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS0.0016EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/05 10:45 a.m.13 views

CVE-2026-14742

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS5AI score0.0016EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/07/05 10:45 a.m.18 views

CVE-2026-14742

The CVE affects langchain-ai langgraph up to 1.2.4. The vulnerability lies in the function _freeze in libs/langgraph/langgraph/_internal/_cache.py (Task Result Cache). Manipulating the argument default_cache_key causes use of a weak hash, enabling a possible remote attack. Exploitation is describ...

3.1CVSS5AI score0.0016EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/25 6:32 p.m.8 views

LangGraph SDK has unsafe URL path construction

Summary langgraph-sdk constructs HTTP request paths for resource operations by interpolating caller-supplied identifier values into URL templates. Without sanitization of those values, identifiers that contain characters with special meaning in URL paths could cause the resulting request to addre...

9.1CVSS5.7AI score0.00216EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/25 6:32 p.m.12 views

EUVD-2026-37289

LangGraph SDK has unsafe URL path construction...

4.2CVSS5.8AI score0.00216EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 6:25 p.m.9 views

EUVD-2026-37140

LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading...

6.8CVSS5.9AI score0.00232EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 4:39 p.m.8 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Overview langgraph-sdk is a SDK for interacting with LangGraph API Affected versions of this package are vulnerable to Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' in the construction of HTTP request paths using unsanitized identifier values. An attacker can gain...

9.1CVSS5.8AI score0.00216EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/17 3:11 p.m.10 views

CVE-2026-48776

A flaw was found in the LangGraph Python SDK. This vulnerability allows a remote attacker with low privileges to manipulate URL paths by providing unsanitized input. This could result in unintended access, modification, or deletion of resources, potentially compromising data confidentiality and...

9.1CVSS5.3AI score0.00216EPSS
Exploits0References5
NVD
NVD
added 2026/06/17 10:55 a.m.11 views

CVE-2026-48776

LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request paths for resource...

9.1CVSS0.00216EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 7:16 p.m.22 views

CVE-2026-48775

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 4.1.0 and prior, the JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. Under conditions where someone could modify...

6.8CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 5:53 p.m.35 views

CVE-2026-48775

LangGraph SQLite Checkpoint (JsonPlusSerializer) is vulnerable in 4.1.0 and earlier due to unsafe deserialization of JSON checkpoint payloads. If an unauthorized party can modify checkpoint bytes at rest in the backing store, the deserialization path could reconstruct objects beyond what the appl...

6.8CVSS6AI score0.00232EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49755

Name of the Vulnerable Software and Affected Versions LangGraph SQLite Checkpoint versions prior to 4.1.1 Description The JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. If an unauthorized party modifies checkpoint bytes at rest in the backing store, the...

6.8CVSS6.4AI score0.00232EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-50078

Name of the Vulnerable Software and Affected Versions LangGraph Python SDK versions prior to 0.3.15 Description Unsafe URL path construction occurs due to unsanitized caller-supplied identifier values used in HTTP request paths for resource operations. Identifiers containing characters with speci...

4.2CVSS5.9AI score0.00216EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/06/12 9:50 a.m.11 views

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build complex, stateful, and multi-agent...

7.8CVSS7.9AI score0.05219EPSS
Exploits2
OSV
OSV
added 2026/06/03 2:51 p.m.10 views

ROOT-APP-PYPI-CVE-2025-64439 CVE-2025-64439 in rootio-langgraph-checkpoint - Patched by Root

Root has patched CVE-2025-64439 in the rootio-langgraph-checkpoint package for Root:PyPI. Multiple fixed versions available...

7.4CVSS6.4AI score0.00871EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 1:3 p.m.8 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of integrity, arbitrary code execution, denial of service and SSRF

Summary IBM App Connect Enterprise Certified Container Designer operands that use mapping assistance and Dashboard operands that use the App Connect Enterprise Agent are vulnerable to loss of integrity CVE-2026-28684, arbitrary code execution CVE-2026-28277, denial of service CVE-2026-40347 and...

7.2CVSS6.3AI score0.05219EPSS
Exploits1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/07 12:15 p.m.6 views

Malicious code in @langgraphjs/toolkit (npm)

Package collects and sends sensitive system info to a hardcoded server. The package masquerades as a LangGraph JS utility but contains a malicious postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.9AI score
Exploits0References6
Rows per page
Query Builder