104 matches found
PYSEC-2026-83
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...
a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +432 more potentially affected by CVE-2026-28277 via langgraph (>=0.1.15 <=1.0.10)
langgraph PYPI version =0.1.15, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.0.1, =2.1.7, =0.0.2, =0.0.1, =0.1.1, =0.1.2, =0.0.4, =0.5.5 and more Source cves: CVE-2026-28277 Source advisory: OSV:PYSEC-2026-83...
PYSEC-2026-83
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...
CVE-2026-28277 LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...
CVE-2026-28277
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...
CVE-2026-28277 LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...
CVE-2026-28277
CVE-2026-28277 affects LangGraph checkpoint loading using an SQLite-backed checkpoint store. In versions ≤1.0.9, msgpack-encoded checkpoints may deserialize into Python objects, enabling an attacker with write access to the checkpoint store to craft payloads that trigger unsafe reconstruction whe...
CVE-2026-28277 LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...
langgraph 代码问题漏洞
Langgraph is a large-scale model framework developed by LangChain. Versions of Langgraph 1.0.9 and earlier contained code vulnerabilities. These vulnerabilities stemmed from the possibility of re-creating Python objects during deserialization, which could lead to insecure object reconstruction...
LangChain LangGraph BaseCache Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LangChain LangGraph. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BaseCache class. The issue results from the lack of proper validation of...
a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +380 more potentially affected by CVE-2026-27794 via langgraph-checkpoint (>=1.0.12 <=3.0.1)
langgraph-checkpoint PYPI version =1.0.12, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.0.1, =2.1.7, =0.0.2, =0.1.1, =0.2.0a1, =0.2.5a2, =0.0.3rc0, =0.0.3rc4 and more Source cves: CVE-2026-27794 Source advisory: OSV:GHSA-MHR3-J7M5-C7C9...
GHSA-MHR3-J7M5-C7C9 LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution
Context A Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to langgraph-checkpoint 4.0.0, BaseCache defaults to JsonPlusSerializerpicklefallback=True. When...
LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution
Context A Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to langgraph-checkpoint 4.0.0, BaseCache defaults to JsonPlusSerializerpicklefallback=True. When...
CVE-2026-27794
A flaw was found in LangGraph Checkpoint. This vulnerability allows a remote attacker with write access to the cache backend to achieve remote code execution. This occurs when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. If msgpack...
CVE-2026-27794
LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...
CVE-2026-27794 LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution
LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...
CVE-2026-27794
LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...
CVE-2026-27794 LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution
LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...
CVE-2026-27794 LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution
LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...
CVE-2026-27794
LangGraph CVE-2026-27794 affects the Checkpoint component prior to version 4.0.0 where the BaseCache default serializer (JsonPlusSerializer with pickle_fallback) can deserialize attacker-supplied bytes from a cache backend if the application enables caching and nodes opt into CachePolicy. An atta...