
Critical Vulnerability Chain in LangGraph Allows Attackers to Gain Full Server Control

Cybersecurity News, archived Jun 12, 2026




By Abinaya, June 12, 2026

A critical vulnerability chain discovered in LangGraph, a popular open-source AI agent framework developed by the creators of LangChain, could allow attackers to gain full server control through remote code execution (RCE). The issue, identified by Check Point Research, highlights how traditional vulnerabilities can become significantly more dangerous when embedded in AI-driven systems that manage sensitive data and workflows.

LangGraph is widely used to build stateful AI agents that can manage multi-step processes using large language models (LLMs). With around 46.5 million monthly downloads, the framework is deployed across thousands of production environments, including enterprise automation, customer support systems, and internal business applications.

Vulnerability Chain in LangGraph

This widespread adoption increases the potential impact of any security weakness. The vulnerability originates in LangGraph's checkpointing mechanism, which stores and retrieves the execution state of AI agents.

[Figure: LangGraph's SQLite checkpointer stores agent state, checkpoints, and metadata (source: Check Point)]

Check Point researchers found that the get_state_history() function contains an SQL injection flaw in its filter parameter, allowing attackers to manipulate database queries. While SQL injection alone is a serious issue, the risk becomes critical when combined with a second flaw involving unsafe msgpack deserialization. By chaining these vulnerabilities, an attacker can inject malicious data into the system and cause it to execute during deserialization. This results in full remote code execution on the server.

The attack path demonstrates how multiple moderate flaws can combine into a severe compromise when they exist within core components of AI frameworks. Three CVEs have been assigned to track the vulnerabilities:

- CVE-2025-67644: SQLite injection vulnerability in the checkpointer component.
- CVE-2026-28277: Remote code execution via msgpack deserialization.
- CVE-2026-27022: Redis injection vulnerability in the alternative checkpointer backend.

The vulnerability chain primarily affects self-hosted deployments that use SQLite or Redis checkpointers with user-controlled input.

[Figure: Attack chain (source: Check Point)]

LangChain's managed platform, LangSmith, is not impacted.

If exploited, attackers can gain access to sensitive assets managed by the AI agent. This includes LLM API keys, customer data, conversation histories, and credentials connected to external systems such as CRMs and internal APIs. Additionally, the compromised server can serve as a pivot point for further attacks on internal networks, significantly expanding the threat scope.

All vulnerabilities have been patched, and users are strongly advised to upgrade immediately. Secure versions include langgraph-checkpoint-sqlite 3.0.1 or later, langgraph 1.0.10 or later, and langgraph-checkpoint-redis 1.0.2 or later.

This discovery reinforces a growing concern in AI security: traditional vulnerabilities like SQL injection can have far more severe consequences when they exist in systems that operate with elevated privileges and broad access to sensitive data.

Abinaya (https://cybersecuritynews.com/) is a Security Editor and fellow reporter with Cyber Security News, covering cyber security incidents happening in cyberspace.
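To make the bug class behind the first link of the chain concrete, here is an added example (not code from the article, from Check Point, or from LangGraph) of a history lookup whose metadata filter is spliced into the SQL text, beside the parameterized form that closes the hole. The table layout, the column names and the sample rows are constructed for this example and are not LangGraph's real checkpoint schema; the point is only that a quote inside a filter value rewrites the WHERE clause in the first builder and is an ordinary string in the second.

```python
import sqlite3

# Constructed allow-list mapping filter keys to column names. This is an
# assumption for the example, not LangGraph's schema or code.
ALLOWED_FILTER_COLUMNS = {"source": "metadata_source", "step": "metadata_step"}


def make_db() -> sqlite3.Connection:
    """Create an in-memory table with constructed rows for two separate threads."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE checkpoints (thread_id TEXT, checkpoint_id TEXT, "
        "metadata_source TEXT, metadata_step INTEGER)"
    )
    conn.executemany(
        "INSERT INTO checkpoints VALUES (?, ?, ?, ?)",
        [
            ("thread-A", "cp-1", "input", 1),
            ("thread-A", "cp-2", "loop", 2),
            ("thread-B", "cp-1", "input", 1),  # another caller's thread
        ],
    )
    return conn


def history_unsafe(conn: sqlite3.Connection, thread_id: str, filters: dict) -> list:
    """Anti-pattern: filter values are spliced into the SQL text. A value that
    contains a quote changes the WHERE clause, which is the defect class the
    article describes for get_state_history()'s filter parameter."""
    clauses = [f"thread_id = '{thread_id}'"]
    for key, value in filters.items():
        clauses.append(f"{ALLOWED_FILTER_COLUMNS[key]} = '{value}'")
    sql = "SELECT thread_id, checkpoint_id FROM checkpoints WHERE " + " AND ".join(clauses)
    return conn.execute(sql).fetchall()


def history_safe(conn: sqlite3.Connection, thread_id: str, filters: dict) -> list:
    """Hardened form: column names come only from the allow-list and every value
    is bound through a ? placeholder, so user data cannot alter query structure."""
    clauses = ["thread_id = ?"]
    params = [thread_id]
    for key, value in filters.items():
        column = ALLOWED_FILTER_COLUMNS.get(key)
        if column is None:
            raise ValueError(f"unsupported filter key: {key!r}")
        clauses.append(f"{column} = ?")
        params.append(value)
    sql = "SELECT thread_id, checkpoint_id FROM checkpoints WHERE " + " AND ".join(clauses)
    return conn.execute(sql, params).fetchall()


def demo() -> tuple:
    """Query thread-A's history with a filter value that closes the quoted
    literal. Returns (rows from the unsafe builder, rows from the safe builder):
    the unsafe builder returns every thread's rows, the safe one matches nothing
    because no row has that literal string as its source."""
    conn = make_db()
    tainted = {"source": "x' OR '1'='1"}  # constructed quote-breaking filter value
    return (
        history_unsafe(conn, "thread-A", tainted),
        history_safe(conn, "thread-A", tainted),
    )


if __name__ == "__main__":
    leaked, bounded = demo()
    print(f"unsafe builder: {len(leaked)} rows; safe builder: {len(bounded)} rows")
```

The fix has two parts and both matter: the allow-list keeps attacker-chosen text out of the column position, where placeholders cannot help, and the placeholders keep it out of the value position. A deployment that only escapes quotes in values still leaves the column side open.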
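For the upgrade advice at the end of the article, the following added script (not the article's or LangGraph's code) reads the installed versions of the three packages the article names and compares them against the fixed versions it lists. The version parser is a small assumption of this example: it orders numeric components numerically and ranks any component carrying a non-numeric suffix (a pre-release such as rc or dev) below the plain release, so a pre-release of the fixed version is still reported as vulnerable.

```python
from importlib.metadata import PackageNotFoundError, version as installed_version

# Minimum fixed versions as listed in the article.
PATCHED_VERSIONS = {
    "langgraph-checkpoint-sqlite": "3.0.1",
    "langgraph": "1.0.10",
    "langgraph-checkpoint-redis": "1.0.2",
}


def parse_version(text: str) -> tuple:
    """Convert '1.0.10' into a tuple that compares numerically ('1.0.10' must
    rank above '1.0.9', which a plain string comparison gets wrong). A final
    element of 0 marks a plain release and -1 marks any version whose
    components carry a suffix such as '10rc1', so pre-releases sort below
    the release they precede."""
    parts = []
    prerelease = False
    for component in text.split("."):
        digits = ""
        for ch in component:
            if not ch.isdigit():
                break
            digits += ch
        if len(digits) < len(component):
            prerelease = True
        parts.append(int(digits) if digits else 0)
    parts.append(-1 if prerelease else 0)
    return tuple(parts)


def is_patched(package: str, installed: str) -> bool:
    """True when the installed version is at or above the fixed version."""
    return parse_version(installed) >= parse_version(PATCHED_VERSIONS[package])


def audit(installed: dict) -> dict:
    """Map each tracked package to 'patched', 'vulnerable' or 'absent', given a
    {package: version-or-None} dict where None means not installed."""
    report = {}
    for package in PATCHED_VERSIONS:
        found = installed.get(package)
        if found is None:
            report[package] = "absent"
        elif is_patched(package, found):
            report[package] = "patched"
        else:
            report[package] = "vulnerable"
    return report


def audit_environment() -> dict:
    """Look up the versions actually installed in the running interpreter."""
    found = {}
    for package in PATCHED_VERSIONS:
        try:
            found[package] = installed_version(package)
        except PackageNotFoundError:
            found[package] = None
    return audit(found)


if __name__ == "__main__":
    for package, status in audit_environment().items():
        print(f"{package}: {status}")
```

Run it inside the virtual environment that serves the agent, not a developer shell, since each environment can pin different versions; a result of "absent" for the Redis or SQLite checkpointer simply means that backend is not installed there.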