Lucene search
+L

13 matches found

RedhatCVE
RedhatCVE
added 2026/07/07 2:39 p.m.8 views

CVE-2026-14742

A flaw was found in langgraph. A remote attacker could exploit this vulnerability by manipulating the defaultcachekey argument within the freeze function of the Task Result Cache component. This manipulation leads to the use of a weak hash, which may result in limited information disclosure...

3.1CVSS5.7AI score0.0016EPSS
Exploits0References10
NVD
NVD
added 2026/07/05 11:16 a.m.10 views

CVE-2026-14742

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS0.0016EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/05 10:45 a.m.8 views

EUVD-2026-41747

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS5AI score0.0016EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/05 10:45 a.m.15 views

CVE-2026-14742

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS5AI score0.0016EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/07/05 10:45 a.m.45 views

CVE-2026-14742 langchain-ai langgraph Task Result Cache _cache.py _freeze weak hash

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS0.0016EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.6 views

CVE-2026-2836

A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The issue occurs because the default HTTP cache key implementation generates cache keys using only the URI path, excluding critical factors such as the host header authority...

8.4CVSS5.8AI score0.00394EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 8:57 p.m.7 views

EUVD-2026-9512

Pingora vulnerable to cache poisoning via insecure-by-default cache key...

8.4CVSS5.9AI score0.00394EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/05 12:31 a.m.10 views

Duplicate Advisory: Cache poisoning via insecure-by-default cache key

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f93w-pcj3-rggc. This link is maintained to preserve external references. Original Description A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction...

8.4CVSS5.8AI score0.00394EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/05 12:31 a.m.5 views

GHSA-2M8C-2374-465F Duplicate Advisory: Cache poisoning via insecure-by-default cache key

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f93w-pcj3-rggc. This link is maintained to preserve external references. Original Description A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction...

8.4CVSS5.8AI score0.00394EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/04 11:44 p.m.3 views

CVE-2026-2836 Cache poisoning via insecure-by-default cache key

A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The issue occurs because the default HTTP cache key implementation generates cache keys using only the URI path, excluding critical factors such as the host header authority...

8.4CVSS5.7AI score0.00394EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/04 11:44 p.m.30 views

CVE-2026-2836 Cache poisoning via insecure-by-default cache key

A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The issue occurs because the default HTTP cache key implementation generates cache keys using only the URI path, excluding critical factors such as the host header authority...

8.4CVSS0.00394EPSS
Exploits0References1
CVE
CVE
added 2026/03/04 11:44 p.m.58 views

CVE-2026-2836

Pingora CVE-2026-2836 affects the default cache key construction in Pingora’s alpha proxy caching feature, which uses only the URI path and omits the host header (authority) and other factors. This can enable cross-tenant data leakage and cache poisoning where cached responses may be served to us...

8.4CVSS5.8AI score0.00394EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.5 views

PT-2026-23082

Name of the Vulnerable Software and Affected Versions Pingora versions prior to 0.8.0 Description A cache poisoning issue exists in the Pingora HTTP proxy framework’s default cache key construction. The default HTTP cache key implementation generates cache keys using only the URI path, excluding...

8.4CVSS5.8AI score0.00394EPSS
Exploits0References15
Rows per page
Query Builder