Critical Vulnerability Chain in LangGraph Allows Attackers to Gain Full Server Control
By Abinaya
June 12, 2026
A critical vulnerability chain discovered in LangGraph, a popular open-source AI agent framework developed by the creators of LangChain, could allow attackers to gain full server control through remote code execution (RCE).
The issue, identified by Check Point Research, highlights how traditional vulnerabilities can become significantly more dangerous when embedded in AI-driven systems that manage sensitive data and workflows.
LangGraph is widely used to build stateful AI agents that can manage multi-step processes using large language models (LLMs).
With around 46.5 million monthly downloads, the framework is deployed across thousands of production environments, including enterprise automation, customer support systems, and internal business applications. This widespread adoption increases the potential impact of any security weakness.
Vulnerability Chain in LangGraph
The vulnerability originates in LangGraph’s checkpointing mechanism, which stores and retrieves the execution state of AI agents.
LangGraph’s SQLite checkpointer stores agent state, checkpoints, and metadata (source: Check Point Research)
Check Point researchers found that the get_state_history() function contains an SQL injection flaw in its filter parameter: the metadata filter is not safely parameterized, so a caller who controls the filter can alter the query the checkpointer runs against its database.
While SQL injection alone is a serious issue, the risk becomes critical when combined with a second flaw involving unsafe msgpack deserialization.
By chaining these vulnerabilities, an attacker can inject malicious data into the system and cause it to execute during deserialization.
This results in full remote code execution on the server. The attack path demonstrates how multiple moderate flaws can combine into a severe compromise when they exist within core components of AI frameworks.
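The pattern the chain relies on, as an added illustration that is not LangGraph’s code and not taken from the Check Point write-up: a toy SQLite checkpointer whose history query builds a metadata filter by string formatting sits beside a parameterized version, and a tagged-object decoder that imports and calls whatever a stored blob names sits beside an allowlisted one. The schema, the `history_*` and `load_state_*` functions, the sample rows and the `__call__` tag are all assumptions made here; JSON stands in for msgpack so the block runs on the standard library alone, and the exact query shape and extension-type handling of the real vulnerabilities are not described on this page.

```python
# Added illustration, NOT LangGraph's code. A string-formatted metadata filter
# (the injection pattern) next to a parameterized one, and an import-and-call
# decoder (the unsafe-deserialization pattern) next to an allowlisted one.
# JSON stands in for msgpack here.
import decimal
import importlib
import json
import re
import sqlite3

SCHEMA = """
CREATE TABLE checkpoints (
    thread_id     TEXT NOT NULL,
    checkpoint_id TEXT NOT NULL,
    metadata      TEXT NOT NULL,   -- JSON document
    state         BLOB NOT NULL    -- serialized agent state
);
"""

# Constructed sample rows (hypothetical data, not real LangGraph checkpoints).
SAMPLE_ROWS = [
    ("thread-a", "ckpt-1", '{"source": "input", "step": 1}', b'{"messages": ["hi"]}'),
    ("thread-a", "ckpt-2", '{"source": "loop", "step": 2}', b'{"messages": ["hi", "ok"]}'),
    ("thread-b", "ckpt-1", '{"source": "input", "step": 1}', b'{"messages": ["secret"]}'),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO checkpoints VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def history_vulnerable(conn, thread_id: str, metadata_filter: dict) -> list:
    """State blobs whose metadata matches the filter.
    BUG: keys and values are formatted straight into the SQL text."""
    where = " AND ".join(
        f"json_extract(metadata, '$.{k}') = '{v}'" for k, v in metadata_filter.items()
    )
    sql = f"SELECT state FROM checkpoints WHERE thread_id = '{thread_id}' AND {where}"
    return [row[0] for row in conn.execute(sql)]


_KEY_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def history_safe(conn, thread_id: str, metadata_filter: dict) -> list:
    """Same query; every user value is bound as a parameter and metadata keys
    are restricted to identifier characters before being used as a JSON path."""
    clauses, params = [], [thread_id]
    for k, v in metadata_filter.items():
        if not _KEY_RE.match(k):
            raise ValueError(f"rejected metadata key {k!r}")
        clauses.append("json_extract(metadata, ?) = ?")
        params += ["$." + k, v]
    sql = "SELECT state FROM checkpoints WHERE thread_id = ? AND " + " AND ".join(clauses)
    return [row[0] for row in conn.execute(sql, params)]


def load_state_vulnerable(blob) -> object:
    """Decodes a stored blob; any object tagged {"__call__": "mod.fn"} is
    resolved by import and invoked, so an attacker-chosen blob runs code."""
    def hook(d):
        if "__call__" in d:
            mod, _, name = d["__call__"].rpartition(".")
            return getattr(importlib.import_module(mod), name)(*d.get("args", []))
        return d
    return json.loads(blob, object_hook=hook)


# Only constructors the application actually stores may be invoked.
_ALLOWED = {"decimal.Decimal": decimal.Decimal}


def load_state_safe(blob) -> object:
    """Same tag format, but unknown tags are rejected instead of imported."""
    def hook(d):
        if "__call__" in d:
            ctor = _ALLOWED.get(d["__call__"])
            if ctor is None:
                raise ValueError(f"rejected deserialization tag {d['__call__']!r}")
            return ctor(*d.get("args", []))
        return d
    return json.loads(blob, object_hook=hook)


# A filter value that closes the string literal, UNIONs in an attacker-chosen
# "state" row, and comments out the rest of the query.
INJECTED_FILTER = {"source": "x' UNION SELECT '{\"__call__\": \"os.getcwd\"}' --"}


def chain(conn, metadata_filter: dict, history, loader) -> list:
    """Query, then deserialize each returned blob: the order a history lookup implies."""
    return [loader(blob) for blob in history(conn, "thread-a", metadata_filter)]


def rejects(fn, *args) -> bool:
    """True if fn(*args) raises ValueError (used to show the hardened paths refuse)."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False
```

Run against the vulnerable pair, the injected filter never matches a real checkpoint; it returns a row the attacker wrote into the query, and the decoder then executes the callable that row names. The parameterized query returns nothing for the same input, and the allowlisted decoder refuses the tag even if such a blob reaches it, so either fix alone breaks the chain and both together are the defense in depth the patches aim at.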
Three CVEs have been assigned to track the vulnerabilities.
CVE-2025-67644: SQL injection vulnerability in the SQLite checkpointer component.
CVE-2026-28277: Remote code execution via msgpack deserialization.
CVE-2026-27022: Redis injection vulnerability in alternative checkpointer backend.
The vulnerability chain primarily affects self-hosted deployments that use SQLite or Redis checkpointers with user-controlled input.
Attack chain (source: Check Point Research)
LangChain’s managed platform, LangSmith, is not impacted. If exploited, attackers can gain access to sensitive assets managed by the AI agent. This includes LLM API keys, customer data, conversation histories, and credentials connected to external systems such as CRMs and internal APIs.
Additionally, the compromised server can serve as a pivot point for further attacks on internal networks, significantly expanding the threat scope.
All three vulnerabilities have been patched, and users are strongly advised to upgrade immediately. Fixed versions are langgraph-checkpoint-sqlite 3.0.1 or later, langgraph 1.0.10 or later, and langgraph-checkpoint-redis 1.0.2 or later.
This discovery reinforces a growing concern in AI security: traditional vulnerabilities like SQL injection can have far more severe consequences when they exist in systems that operate with elevated privileges and broad access to sensitive data.