Vulnerability in LangGraph SQLite Checkpoint Implementation by LangChain AI
CVE-2026-28277
Key Information:
- Vendor: Langchain-ai
- Status
- CVE Published: 5 March 2026
What is CVE-2026-28277?
LangGraph's SQLite checkpoint implementation carries a significant security concern. In versions 1.0.9 and prior, an attacker who has already gained privileged access to the persistence layer (the SQLite backing store) can modify stored checkpoint data and inject a crafted payload. When the tampered checkpoint is later loaded, the deserialization step can reconstruct Python objects unsafely, which may lead to unauthorized data access or code execution. As of now, no public patch exists to mitigate this threat.
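The risk described above depends on the application trusting whatever bytes it reads back from the backing store. The following is an added illustration, not code from LangGraph or LangChain AI, of the defensive pattern a practitioner would apply to any checkpoint store: serialize state as plain data (JSON, so loading never reconstructs arbitrary Python objects) and authenticate the stored bytes with an HMAC that is checked before they are parsed. The table layout, the signing key, the `put_checkpoint`/`get_checkpoint` helpers and the sample state are all constructed for this example and do not reflect LangGraph's real schema or API.

```python
import hashlib
import hmac
import json
import sqlite3

# Hypothetical application-held secret (constructed for this example). It must live
# outside the database: an actor who can read the key can also forge tags.
SECRET_KEY = b"example-checkpoint-signing-key"


def sign(blob: bytes) -> str:
    """HMAC-SHA256 tag over the exact serialized checkpoint bytes."""
    return hmac.new(SECRET_KEY, blob, hashlib.sha256).hexdigest()


def open_store() -> sqlite3.Connection:
    """In-memory SQLite table standing in for a checkpoint backing store (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE checkpoints ("
        "thread_id TEXT PRIMARY KEY, blob BLOB NOT NULL, tag TEXT NOT NULL)"
    )
    return conn


def put_checkpoint(conn: sqlite3.Connection, thread_id: str, state: dict) -> None:
    # Data-only serialization: json.loads cannot instantiate classes or call code.
    blob = json.dumps(state, sort_keys=True).encode()
    conn.execute(
        "INSERT OR REPLACE INTO checkpoints (thread_id, blob, tag) VALUES (?, ?, ?)",
        (thread_id, blob, sign(blob)),
    )
    conn.commit()


class TamperedCheckpoint(Exception):
    """Raised when a stored checkpoint fails integrity verification."""


def get_checkpoint(conn: sqlite3.Connection, thread_id: str) -> dict:
    row = conn.execute(
        "SELECT blob, tag FROM checkpoints WHERE thread_id = ?", (thread_id,)
    ).fetchone()
    if row is None:
        raise KeyError(thread_id)
    blob, tag = row
    # Verify before parsing, with a constant-time compare: a modified blob or tag is
    # rejected here, so the untrusted bytes are never interpreted at all.
    if not hmac.compare_digest(sign(blob), tag):
        raise TamperedCheckpoint(thread_id)
    return json.loads(blob)


def demo() -> tuple:
    """Store a checkpoint, read it back, then simulate a direct edit of the stored row."""
    conn = open_store()
    put_checkpoint(conn, "thread-1", {"step": 3, "messages": ["hello"]})
    loaded = get_checkpoint(conn, "thread-1")

    # Someone with write access to the persistence layer changes the row behind the
    # application's back (constructed tampering: an extra "admin" field is added).
    tampered = json.dumps({"step": 3, "messages": ["hello"], "admin": True}).encode()
    conn.execute(
        "UPDATE checkpoints SET blob = ? WHERE thread_id = ?", (tampered, "thread-1")
    )
    conn.commit()

    try:
        get_checkpoint(conn, "thread-1")
        rejected = False
    except TamperedCheckpoint:
        rejected = True
    return loaded, rejected


if __name__ == "__main__":
    print(demo())
```

Two properties do the work here. The HMAC turns "attacker can write to the store" into "attacker can write bytes the application will refuse to load", which is exactly the precondition the advisory names; it only holds while the key stays out of the database. Independently, a data-only format means that even if verification were bypassed, loading would yield dictionaries and lists rather than reconstructed objects, removing the class of issue the description calls unsafe Python object reconstruction.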
Affected Version(s)
langgraph <= 1.0.9
News Articles
LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution
Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted deployments.
5 days ago
References
CVSS V3.1
Timeline
- Exploit known to exist
- First article discovered by The Hacker News
- Vulnerability published
- Vulnerability Reserved
