Recent revelations from cybersecurity experts have shed light on three critical security vulnerabilities within LangGraph, an open-source AI framework by LangChain, which have since been patched. Notably, these flaws include a vulnerability chain that could lead to remote code execution, posing a significant threat to the system’s integrity.
Understanding LangGraph and Its Vulnerabilities
LangGraph, designed to facilitate the development of complex AI applications, was found to harbor several security weaknesses. Among them, a crucial SQL injection vulnerability was identified, potentially allowing attackers to gain control of the server by manipulating data processing mechanisms.
The specific vulnerabilities, identified as CVE-2025-67644, CVE-2026-28277, and CVE-2026-27022, were found within various components of LangGraph’s infrastructure, such as SQLite and Redis implementations. These security flaws allowed for SQL query manipulation and unsafe deserialization, thereby compromising system security.
Details of the Security Flaws
The SQL injection vulnerability, tagged CVE-2025-67644, affects versions of langgraph-checkpoint-sqlite before 3.0.1 and allows attackers to alter SQL queries via metadata filters. The unsafe msgpack deserialization, CVE-2026-28277, affects versions before 1.0.10, facilitating object reconstruction by attackers who can modify checkpoint data. Lastly, CVE-2026-27022 involves a RediSearch Query Injection, enabling access bypass in versions of @langchain/langgraph-checkpoint-redis prior to 1.0.1.
Exploiting these vulnerabilities requires specific conditions, as detailed by Check Point. The attack chain utilizes the get_state_history() endpoint, enabling attackers to retrieve and manipulate historical checkpoints through a series of steps involving malicious payloads and filter parameters.
Security Implications and Recommendations
These vulnerabilities highlight how traditional security issues, such as SQL injection, can become more dangerous within AI frameworks due to their elevated access and trust levels. Check Point emphasizes the potential for sensitive data exposure, stressing the importance of addressing these vulnerabilities promptly.
To safeguard against such threats, users are advised to update their systems with the latest patches, implement robust authentication measures for self-hosted LangGraph servers, and adhere to security best practices, such as network segmentation and the principle of least privilege.
The discovery of these vulnerabilities underscores the critical need for ongoing vigilance and proactive measures to secure AI frameworks and the sensitive data they manage.
