LangGraph checkpoint flaws (multiple vulnerabilities)
Vulnerability
Summary
Researchers disclosed three now-patched LangGraph vulnerabilities affecting self-hosted deployments, including a chain that can lead to remote code execution. The flaws span SQL injection in the SQLite checkpointer, unsafe msgpack deserialization, and RediSearch query injection. The issue is most serious where deployments accept user-controlled filter input or expose the get_state_history() endpoint. LangSmith Deployment is stated to be unaffected.
Timeline
12.06.2026 12:50 (2 articles)
Check Point discloses three patched LangGraph vulnerabilities
Initial Disclosure: Check Point disclosed three now-patched LangGraph flaws on 2026-06-12, including CVE-2025-67644, a SQL injection in LangGraph's SQLite checkpoint implementation before 3.0.1; CVE-2026-28277, an unsafe msgpack deserialization issue in LangGraph before 1.0.10; and CVE-2026-27022, a RediSearch Query Injection in @langchain/langgraph-checkpoint-redis before 1.0.1. The reported chain can affect self-hosted deployments using the SQLite or Redis checkpointer with user-controlled filter input and could lead to remote code execution, while LangSmith Deployment is stated to be unaffected.
Sources
- LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution — thehackernews.com — 12.06.2026 12:50