Lucene search
K

109 matches found

Github Security Blog
Github Security Blog
added 2026/03/05 8:19 p.m.18 views

LangGraph checkpoint loading has unsafe msgpack deserialization

LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store for example, after a database compromise or other privileged write access to the persistence layer, they can...

7.2CVSS6.3AI score0.05219EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/03/05 8:19 p.m.9 views

EUVD-2026-9860

LangGraph checkpoint loading has unsafe msgpack deserialization...

6.8CVSS5.9AI score0.05219EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/05 8:19 p.m.7 views

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +366 more potentially affected by CVE-2026-28277 via langgraph (>=0.1.15 <=1.0.1)

langgraph PYPI version =0.1.15, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.0.1, =2.1.7, =0.0.2, =0.0.1, =0.1.1, =0.1.2, =0.0.4, =0.5.10 and more Source cves: CVE-2026-28277 Source advisory: OSV:GHSA-G48C-2WQR-H844...

7.2CVSS6AI score0.05219EPSS
Exploits0
OSV
OSV
added 2026/03/05 8:19 p.m.2 views

GHSA-G48C-2WQR-H844 LangGraph checkpoint loading has unsafe msgpack deserialization

LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store for example, after a database compromise or other privileged write access to the persistence layer, they can...

6.8CVSS6.4AI score0.05219EPSS
Exploits0References4
NVD
NVD
added 2026/03/05 8:16 p.m.9 views

CVE-2026-28277

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

7.2CVSS0.05219EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/05 8:16 p.m.5 views

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +429 more potentially affected by CVE-2026-28277 via langgraph (>=0.1.15 <=1.0.10)

langgraph PYPI version =0.1.15, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.0.1, =2.1.7, =0.0.2, =0.0.1, =0.1.1, =0.1.2, =0.0.4, =0.5.10 and more Source cves: CVE-2026-28277 Source advisory: OSV:PYSEC-2026-83...

7.2CVSS6AI score0.05219EPSS
Exploits0
PyPA
PyPA
added 2026/03/05 8:16 p.m.8 views

PYSEC-2026-83

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

7.2CVSS5.8AI score0.05219EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/05 8:16 p.m.13 views

PYSEC-2026-83

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

7.2CVSS5.8AI score0.05219EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 7:10 p.m.28 views

CVE-2026-28277

CVE-2026-28277 affects LangGraph checkpoint loading using an SQLite-backed checkpoint store. In versions ≤1.0.9, msgpack-encoded checkpoints may deserialize into Python objects, enabling an attacker with write access to the checkpoint store to craft payloads that trigger unsafe reconstruction whe...

7.2CVSS5.9AI score0.05219EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/05 7:10 p.m.31 views

CVE-2026-28277 LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

6.8CVSS0.05219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 7:10 p.m.4 views

CVE-2026-28277 LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

6.8CVSS5.8AI score0.05219EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 7:10 p.m.5 views

CVE-2026-28277

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

6.8CVSS5.9AI score0.05219EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/05 7:10 p.m.8 views

CVE-2026-28277 LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

6.8CVSS5.8AI score0.05219EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.10 views

langgraph 代码问题漏洞

Langgraph is a large-scale model framework developed by LangChain. Versions of Langgraph 1.0.9 and earlier contained code vulnerabilities. These vulnerabilities stemmed from the possibility of re-creating Python objects during deserialization, which could lead to insecure object reconstruction...

7.2CVSS5.9AI score0.05219EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.6 views

LangChain LangGraph BaseCache Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LangChain LangGraph. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BaseCache class. The issue results from the lack of proper validation of...

8.1CVSS6.3AI score0.00698EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/02/25 10:59 p.m.4 views

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +375 more potentially affected by CVE-2026-27794 via langgraph-checkpoint (>=1.0.12 <=3.0.1)

langgraph-checkpoint PYPI version =1.0.12, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.0.1, =2.1.7, =0.0.2, =0.1.1, =0.2.0a1, =0.2.5a2, =0.0.3rc0, =0.0.3rc4 and more Source cves: CVE-2026-27794 Source advisory: OSV:GHSA-MHR3-J7M5-C7C9...

6.6CVSS7.2AI score0.00698EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/02/25 10:59 p.m.11 views

LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution

Context A Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to langgraph-checkpoint 4.0.0, BaseCache defaults to JsonPlusSerializerpicklefallback=True. When...

6.6CVSS6.7AI score0.00698EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/02/25 10:59 p.m.6 views

GHSA-MHR3-J7M5-C7C9 LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution

Context A Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to langgraph-checkpoint 4.0.0, BaseCache defaults to JsonPlusSerializerpicklefallback=True. When...

6.6CVSS6.8AI score0.00698EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/25 8:17 p.m.7 views

CVE-2026-27794

A flaw was found in LangGraph Checkpoint. This vulnerability allows a remote attacker with write access to the cache backend to achieve remote code execution. This occurs when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. If msgpack...

6.6CVSS6.5AI score0.00698EPSS
Exploits0References7
NVD
NVD
added 2026/02/25 6:23 p.m.6 views

CVE-2026-27794

LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...

6.6CVSS0.00698EPSS
Exploits0References4
Rows per page
Query Builder