CVE-2026-27022 RediSearch Query Injection in @langchain/langgraph-checkpoint-redis

@langchain/langgraph-checkpoint-redis is the Redis checkpoint and store implementation for LangGraph. A query injection vulnerability exists in the @langchain/langgraph-checkpoint-redis package's filter handling. The RedisSaver and ShallowRedisSaver classes construct RediSearch queries by directl...

@langgraph-js/pure-graph (>=1.3.0 <=1.5.3), @langgraph-js/sdk (>=3.0.0 <=3.1.0) +1 more potentially affected by CVE-2026-27022 via @langchain/langgraph-checkpoint-redis (=0.0.2)

@langchain/langgraph-checkpoint-redis NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @langchain/langgraph-checkpoint-redis and may be impacted: - @langgraph-js/pure-graph =1.3.0, =3.0.0, =3.0.0, =3.0.1 Source cves: CVE-2026-27022...