Lucene search
K

115 matches found

The Hacker News
The Hacker News
added 2026/03/27 8:7 a.m.8 views

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that are used to build...

9.8CVSS6.2AI score0.99972EPSS
Exploits61
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.6 views

CVE-2026-28277

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

6.8CVSS5.8AI score0.05219EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/05 9:11 p.m.9 views

adxp-cli (>=0.1.1 <=0.1.21), ag-ui-langgraph (>=0.0.14 <=0.0.29) +115 more potentially affected by CVE-2026-28277 via langgraph (>=1.0.0 <=1.0.10)

langgraph PYPI version =1.0.0, =0.1.1, =0.0.14, =0.0.2, =0.1.0, =0.2.1, =0.1.0, =0.1.0, =0.0.48, =0.0.54, =0.1.2, =0.1.4, =0.2.0 - chatlas-frontend =1.0.0 and more Source cves: CVE-2026-28277 Source advisory: SNYK:PYTHON-LANGGRAPH-15433492...

7.2CVSS6AI score0.05219EPSS
Exploits0
Snyk
Snyk
added 2026/03/05 9:11 p.m.3 views

Deserialization of Untrusted Data

Overview langgraph-checkpoint is a library with base interfaces for LangGraph checkpoint savers. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the msgpack-encoded checkpoints. An attacker can execute arbitrary code by supplying a crafted msgpack-encoded...

7.3CVSS6AI score0.05219EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/05 9:11 p.m.7 views

agent-nexus-cli (>=0.1.0 <=0.1.31), agentiva (>=0.1.0 <=0.1.5) potentially affected by CVE-2026-28277 via langgraph-checkpoint (>=4.0.0 <=4.0.1)

langgraph-checkpoint PYPI version =4.0.0, =0.1.0, =0.1.0, =0.1.5 Source cves: CVE-2026-28277 Source advisory: SNYK:PYTHON-LANGGRAPHCHECKPOINT-15433491...

7.2CVSS5.8AI score0.05219EPSS
Exploits0
Snyk
Snyk
added 2026/03/05 9:11 p.m.5 views

Deserialization of Untrusted Data

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the msgpack-encoded checkpoints. An attacker can execute arbitrary code by supplying a crafted msgpack-encoded payload to the...

7.3CVSS6AI score0.05219EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/05 8:19 p.m.19 views

LangGraph checkpoint loading has unsafe msgpack deserialization

LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store for example, after a database compromise or other privileged write access to the persistence layer, they can...

7.2CVSS6.3AI score0.05219EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/05 8:19 p.m.2 views

GHSA-G48C-2WQR-H844 LangGraph checkpoint loading has unsafe msgpack deserialization

LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store for example, after a database compromise or other privileged write access to the persistence layer, they can...

6.8CVSS6.4AI score0.05219EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/05 8:19 p.m.9 views

EUVD-2026-9860

LangGraph checkpoint loading has unsafe msgpack deserialization...

6.8CVSS5.9AI score0.05219EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/05 8:19 p.m.8 views

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +366 more potentially affected by CVE-2026-28277 via langgraph (>=0.1.15 <=1.0.1)

langgraph PYPI version =0.1.15, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.0.1, =2.1.7, =0.0.2, =0.0.1, =0.1.1, =0.1.2, =0.0.4, =0.5.10 and more Source cves: CVE-2026-28277 Source advisory: OSV:GHSA-G48C-2WQR-H844...

7.2CVSS6AI score0.05219EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/05 8:16 p.m.6 views

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +429 more potentially affected by CVE-2026-28277 via langgraph (>=0.1.15 <=1.0.10)

langgraph PYPI version =0.1.15, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.0.1, =2.1.7, =0.0.2, =0.0.1, =0.1.1, =0.1.2, =0.0.4, =0.5.10 and more Source cves: CVE-2026-28277 Source advisory: OSV:PYSEC-2026-83...

7.2CVSS6AI score0.05219EPSS
Exploits0
PyPA
PyPA
added 2026/03/05 8:16 p.m.10 views

PYSEC-2026-83

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

7.2CVSS5.8AI score0.05219EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/05 8:16 p.m.13 views

PYSEC-2026-83

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

7.2CVSS5.8AI score0.05219EPSS
Exploits0References1
NVD
NVD
added 2026/03/05 8:16 p.m.10 views

CVE-2026-28277

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

7.2CVSS0.05219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 7:10 p.m.4 views

CVE-2026-28277 LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

6.8CVSS5.8AI score0.05219EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 7:10 p.m.5 views

CVE-2026-28277

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

6.8CVSS5.9AI score0.05219EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/05 7:10 p.m.8 views

CVE-2026-28277 LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

6.8CVSS5.8AI score0.05219EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/05 7:10 p.m.32 views

CVE-2026-28277 LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

6.8CVSS0.05219EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 7:10 p.m.32 views

CVE-2026-28277

CVE-2026-28277 affects LangGraph checkpoint loading using an SQLite-backed checkpoint store. In versions ≤1.0.9, msgpack-encoded checkpoints may deserialize into Python objects, enabling an attacker with write access to the checkpoint store to craft payloads that trigger unsafe reconstruction whe...

7.2CVSS5.9AI score0.05219EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.10 views

langgraph 代码问题漏洞

Langgraph is a large-scale model framework developed by LangChain. Versions of Langgraph 1.0.9 and earlier contained code vulnerabilities. These vulnerabilities stemmed from the possibility of re-creating Python objects during deserialization, which could lead to insecure object reconstruction...

7.2CVSS5.9AI score0.05219EPSS
Exploits0References1
Rows per page
Query Builder