CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ⬡ Vulnerabilities & CVEs Jun 13, 2026

Critical Vulnerability Chain in LangGraph Allows Attackers to Gain Full Server Control - CyberSecurityNews

CyberSecurityNews Archived Jun 13, 2026 ✓ Full text saved

Critical Vulnerability Chain in LangGraph Allows Attackers to Gain Full Server Control CyberSecurityNews

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News Critical Vulnerability Chain in LangGraph Allows Attackers to Gain Full Server Control By Abinaya June 12, 2026 A critical vulnerability chain discovered in LangGraph, a popular open-source AI agent framework developed by the creators of LangChain, could allow attackers to gain full server control through remote code execution (RCE). The issue, identified by Check Point Research, highlights how traditional vulnerabilities can become significantly more dangerous when embedded in AI-driven systems that manage sensitive data and workflows. LangGraph is widely used to build stateful AI agents that can manage multi-step processes using large language models (LLMs). With around 46.5 million monthly downloads, the framework is deployed across thousands of production environments, including enterprise automation, customer support systems, and internal business applications. Vulnerability Chain in LangGraph This widespread adoption increases the potential impact of any security weakness. The vulnerability originates in LangGraph’s checkpointing mechanism, which stores and retrieves the execution state of AI agents. LangGraph’s SQLite checkpointer stores agent state, checkpoints, and metadata (source: Checkpoint ) Checkpoint researchers found that the get_state_history() function contains an SQL injection flaw in its filter parameter, allowing attackers to manipulate database queries. While SQL injection alone is a serious issue, the risk becomes critical when combined with a second flaw involving unsafe msgpack deserialization. By chaining these vulnerabilities, an attacker can inject malicious data into the system and cause it to execute during deserialization. This results in full remote code execution on the server. The attack path demonstrates how multiple moderate flaws can combine into a severe compromise when they exist within core components of AI frameworks. Three CVEs have been assigned to track the vulnerabilities. CVE-2025-67644: SQLite injection vulnerability in the checkpointer component. CVE-2026-28277: Remote code execution via msgpack deserialization. CVE-2026-27022: Redis injection vulnerability in alternative checkpointer backend. The vulnerability chain primarily affects self-hosted deployments that use SQLite or Redis checkpointers with user-controlled input. Attack chain (source: Checkpoint ) LangChain’s managed platform, LangSmith, is not impacted. If exploited, attackers can gain access to sensitive assets managed by the AI agent. This includes LLM API keys, customer data, conversation histories, and credentials connected to external systems such as CRMs and internal APIs. Additionally, the compromised server can serve as a pivot point for further attacks on internal networks, significantly expanding the threat scope. All vulnerabilities have been patched, and users are strongly advised to upgrade immediately. Secure versions include langgraph-checkpoint-sqlite 3.0.1 or later, langgraph 1.0.10 or later, and langgraph-checkpoint-redis 1.0.2 or later. This discovery reinforces a growing concern in AI security: traditional vulnerabilities like SQL injection can have far more severe consequences when they exist in systems that operate with elevated privileges and broad access to sensitive data. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Windows RDP Vulnerabilities Allow Attacker to Expose Sensitive Data Hackers Use OnyxC2 Malware-as-a-Service to Steal Credentials From 210 Applications Authorities Dismantle Cryptocurrency Laundering Services ‘AudiA6’ Used by Ransomware Gangs Oracle PeopleSoft 0-Day RCE Vulnerability Exploited in Attacks by ShinyHunters GoFlateLoader Uses Massive PE Overlay to Deliver Lumma, Vidar, and StealC Infostealers Latest News Cyber Security News Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Traditional Malware Detection Cyber Security News Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets Cyber Security News Hackers Use OnyxC2 Malware-as-a-Service to Steal Credentials From 210 Applications Tech News Facebook and Instagram Down Globally, Users Reporting Multiple Issues Cyber Security Google Sues Chinese Cybercrime Network for Using Gemini AI to Launch Cyberattacks
    💬 Team Notes
    Article Info
    Source
    CyberSecurityNews
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    Jun 13, 2026
    Archived
    Jun 13, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗