109 matches found
CVE-2026-27794 LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution
LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...
CVE-2026-27794 LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution
LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...
CVE-2026-27794
LangGraph CVE-2026-27794 affects the Checkpoint component prior to version 4.0.0 where the BaseCache default serializer (JsonPlusSerializer with pickle_fallback) can deserialize attacker-supplied bytes from a cache backend if the application enables caching and nodes opt into CachePolicy. An atta...
CVE-2026-27794
LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...
CVE-2026-27794 LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution
LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...
PT-2026-21967
Name of the Vulnerable Software and Affected Versions LangGraph versions prior to 4.0.0 Description A Remote Code Execution issue exists in LangGraph's caching layer when applications enable cache backends inheriting from BaseCache and opt nodes into caching via CachePolicy. Prior to version 4.0....
langgraph 代码问题漏洞
Langgraph is a large-scale model framework developed by LangChain. Versions of Langgraph prior to 4.0.0 had code-related vulnerabilities. These vulnerabilities stemmed from the caching layer’s ability to deserialize cached values using pickle.loads when msgpack serialization fails, potentially...
Exploit for CVE-2025-67644
CVE-2025-67644 PoC – LangGraph SQLite Checkpoint SQL Injection...
CVE-2026-27022 RediSearch Query Injection in @langchain/langgraph-checkpoint-redis
@langchain/langgraph-checkpoint-redis is the Redis checkpoint and store implementation for LangGraph. A query injection vulnerability exists in the @langchain/langgraph-checkpoint-redis package's filter handling. The RedisSaver and ShallowRedisSaver classes construct RediSearch queries by directl...
@langgraph-js/pure-graph (>=1.3.0 <=1.5.3), @langgraph-js/sdk (>=3.0.0 <=3.1.0) +1 more potentially affected by CVE-2026-27022 via @langchain/langgraph-checkpoint-redis (=0.0.2)
@langchain/langgraph-checkpoint-redis NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @langchain/langgraph-checkpoint-redis and may be impacted: - @langgraph-js/pure-graph =1.3.0, =3.0.0, =3.0.0, =3.0.1 Source cves: CVE-2026-27022...
SQL Injection
LangGraph SQLite Checkpoint is vulnerable to SQL injection. The vulnerability is due to unsafe construction of SQL queries using unvalidated metadata filter keys, where attacker-controlled keys are interpolated directly into SQL f-strings in the checkpoint search logic, allowing manipulation of...
SQL Injection
langgraph-checkpoint-sqlite is vulnerable to SQL Injection. The vulnerability is due to use of direct string concatenation without proper parameterization in database queries, which allows an attacker to inject arbitrary SQL and bypass access controls...
CVE-2025-67644
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...
CVE-2025-67644
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...
langgraph SQL注入漏洞
langgraph is a large modeling framework open source by LangChain. An SQL injection vulnerability exists in langgraph 3.0.0 and earlier versions, which stems from an unvalidated metadata filter key that could lead to an SQL injection attack...
SQL Injection
Overview langgraph-checkpoint-sqlite is a Library with a SQLite implementation of LangGraph checkpoint saver. Affected versions of this package are vulnerable to SQL Injection via the metadatapredicate function. An attacker can execute arbitrary SQL commands by supplying crafted metadata filter...
langgraph-agent-toolkit (>=0.8.0 <=0.8.15) potentially affected by CVE-2025-67644 via langgraph-checkpoint-sqlite (=3.0.0)
langgraph-checkpoint-sqlite PYPI version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on langgraph-checkpoint-sqlite and may be impacted: - langgraph-agent-toolkit =0.8.0, =0.8.15 Source cves: CVE-2025-67644 Source advisory:...
CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...
EUVD-2025-202333
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...
CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...