Lucene search
K

121 matches found

OSV
OSV
added 6 days ago4 views

ROOT-APP-PYPI-CVE-2026-48776 CVE-2026-48776 in rootio-langgraph-sdk - Patched by Root

Root has patched CVE-2026-48776 in the rootio-langgraph-sdk package for Root:PyPI. Multiple fixed versions available...

9.1CVSS5.9AI score0.00216EPSS
Exploits0
RedhatCVE
RedhatCVE
added last week6 views

CVE-2026-14742

A flaw was found in langgraph. A remote attacker could exploit this vulnerability by manipulating the defaultcachekey argument within the freeze function of the Task Result Cache component. This manipulation leads to the use of a weak hash, which may result in limited information disclosure...

3.1CVSS5.7AI score0.0016EPSS
Exploits0References10
Snyk
Snyk
added 2026/07/05 12:28 p.m.8 views

Authorization Bypass Through User-Controlled Key

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a key collision in the defaultcachekey and freeze functions of langgraph/internal/cache.py, where freeze reduce...

4.2CVSS6AI score0.0016EPSS
Exploits0References2
NVD
NVD
added 2026/07/05 11:16 a.m.10 views

CVE-2026-14742

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS0.0016EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/05 10:45 a.m.40 views

CVE-2026-14742 langchain-ai langgraph Task Result Cache _cache.py _freeze weak hash

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS0.0016EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/05 10:45 a.m.13 views

CVE-2026-14742

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS5AI score0.0016EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/07/05 10:45 a.m.8 views

EUVD-2026-41747

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS5AI score0.0016EPSS
Exploits0References7
CVE
CVE
added 2026/07/05 10:45 a.m.18 views

CVE-2026-14742

The CVE affects langchain-ai langgraph up to 1.2.4. The vulnerability lies in the function _freeze in libs/langgraph/langgraph/_internal/_cache.py (Task Result Cache). Manipulating the argument default_cache_key causes use of a weak hash, enabling a possible remote attack. Exploitation is describ...

3.1CVSS5AI score0.0016EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/25 6:32 p.m.12 views

EUVD-2026-37289

LangGraph SDK has unsafe URL path construction...

4.2CVSS5.8AI score0.00216EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/25 6:32 p.m.8 views

LangGraph SDK has unsafe URL path construction

Summary langgraph-sdk constructs HTTP request paths for resource operations by interpolating caller-supplied identifier values into URL templates. Without sanitization of those values, identifiers that contain characters with special meaning in URL paths could cause the resulting request to addre...

9.1CVSS5.7AI score0.00216EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/25 6:32 p.m.3 views

GHSA-W39P-VH2G-G8G5 LangGraph SDK has unsafe URL path construction

Summary langgraph-sdk constructs HTTP request paths for resource operations by interpolating caller-supplied identifier values into URL templates. Without sanitization of those values, identifiers that contain characters with special meaning in URL paths could cause the resulting request to addre...

4.2CVSS5.7AI score0.00216EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 6:25 p.m.9 views

EUVD-2026-37140

LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading...

6.8CVSS5.9AI score0.00232EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:25 p.m.4 views

GHSA-FJQC-HQ36-QH5P LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading

Summary LangGraph's JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. Under conditions where someone could modify checkpoint bytes at rest in the backing store, the deserialization path could reconstruct objects beyond what the application expects, which could in tu...

6.8CVSS6.4AI score0.00232EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/17 4:39 p.m.8 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Overview langgraph-sdk is a SDK for interacting with LangGraph API Affected versions of this package are vulnerable to Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' in the construction of HTTP request paths using unsanitized identifier values. An attacker can gain...

9.1CVSS5.8AI score0.00216EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/17 3:11 p.m.11 views

CVE-2026-48776

A flaw was found in the LangGraph Python SDK. This vulnerability allows a remote attacker with low privileges to manipulate URL paths by providing unsanitized input. This could result in unintended access, modification, or deletion of resources, potentially compromising data confidentiality and...

9.1CVSS5.3AI score0.00216EPSS
Exploits0References5
NVD
NVD
added 2026/06/17 10:55 a.m.12 views

CVE-2026-48776

LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request paths for resource...

9.1CVSS0.00216EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/17 10:46 a.m.17 views

CVE-2026-48775

A flaw was found in LangGraph. This vulnerability allows an attacker with high privileges and adjacent network access to modify checkpoint data. By manipulating these stored checkpoint bytes, an attacker can trigger insecure deserialization, leading to arbitrary code execution when the checkpoint...

6.8CVSS6AI score0.00232EPSS
Exploits0References4
OSV
OSV
added 2026/06/16 7:51 p.m.3 views

CVE-2026-48776 LangGraph SDK has unsafe URL path construction

LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request paths for resource...

4.2CVSS5.8AI score0.00216EPSS
Exploits0References4
NVD
NVD
added 2026/06/16 7:16 p.m.22 views

CVE-2026-48775

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 4.1.0 and prior, the JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. Under conditions where someone could modify...

6.8CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 5:53 p.m.36 views

CVE-2026-48775

LangGraph SQLite Checkpoint (JsonPlusSerializer) is vulnerable in 4.1.0 and earlier due to unsafe deserialization of JSON checkpoint payloads. If an unauthorized party can modify checkpoint bytes at rest in the backing store, the deserialization path could reconstruct objects beyond what the appl...

6.8CVSS6AI score0.00232EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder