CVE-2026-27022
📋 TL;DR
A query injection vulnerability in @langchain/langgraph-checkpoint-redis allows attackers to manipulate RediSearch queries by injecting special syntax characters in filter parameters. This can bypass access controls and potentially expose or modify checkpoint data. Users of LangGraph with Redis checkpointing are affected.
💻 Affected Systems
- @langchain/langgraph-checkpoint-redis
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of checkpoint data including unauthorized access, modification, or deletion of all stored checkpoints, potentially leading to data integrity issues or service disruption.
Likely Case
Unauthorized access to checkpoint data that should be restricted, potentially exposing sensitive application state or workflow information.
If Mitigated
Limited data exposure if proper input validation and query escaping are implemented at the application layer.
🎯 Exploit Status
Requires understanding of RediSearch query syntax and ability to control filter parameters. No public exploits known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.2
Vendor Advisory: https://github.com/langchain-ai/langgraphjs/security/advisories/GHSA-5mx2-w598-339m
Restart Required: Yes
Instructions:
1. Update the package to the fixed version: npm install @langchain/langgraph-checkpoint-redis@1.0.2
2. Restart application services
3. Verify no breaking changes in your implementation
🔧 Temporary Workarounds
Input Validation
Implement strict input validation on all filter parameters before passing them to RedisSaver/ShallowRedisSaver
Application-Level Escaping
Escape RediSearch special characters in user input before constructing queries
🧯 If You Can't Patch
- Implement strict input validation to reject filter parameters containing RediSearch special characters
- Use application-level access controls to limit which users can query checkpoints
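The two workarounds above (strict validation of filter parameters, and application-level escaping of RediSearch special characters) as an added JavaScript example. This is not code from @langchain/langgraph-checkpoint-redis or the LangGraph project: the field names in KNOWN_FIELDS, the SAFE_FILTER_VALUE pattern and the TAG-clause layout are assumptions made for illustration, and the RESERVED_SYNTAX list follows RediSearch's tokenization rules with a few extra characters added conservatively.

```javascript
// Added example: validate or escape user-controlled filter values before they
// reach a RediSearch query. Not part of @langchain/langgraph-checkpoint-redis.

// Characters RediSearch treats as query syntax or token separators. The list is
// taken from RediSearch's tokenization rules; '/', '|' and '\' are included as
// a conservative assumption.
const RESERVED_SYNTAX = new Set([
  ',', '.', '<', '>', '{', '}', '[', ']', '"', "'", ':', ';', '!', '@', '#',
  '$', '%', '^', '&', '*', '(', ')', '-', '+', '=', '~', '|', '/', '\\', ' ',
]);

// Workaround 1, strict validation: accept only values shaped like the
// identifiers this application actually uses (assumed pattern).
const SAFE_FILTER_VALUE = /^[A-Za-z0-9_]{1,128}$/;

function isSafeFilterValue(value) {
  return typeof value === 'string' && SAFE_FILTER_VALUE.test(value);
}

// Workaround 2, escaping: prefix every reserved character with a backslash so
// RediSearch matches it literally inside a TAG clause. Control characters are
// rejected outright because they have no legitimate use in a filter value.
function escapeTagValue(value) {
  if (typeof value !== 'string') throw new TypeError('filter value must be a string');
  let out = '';
  for (const ch of value) {
    const code = ch.codePointAt(0);
    if (code < 0x20 || code === 0x7f) throw new RangeError('control character in filter value');
    out += RESERVED_SYNTAX.has(ch) ? '\\' + ch : ch;
  }
  return out;
}

// Field names come from the application's own schema (assumed here), so they
// are allow-listed instead of escaped; only the values are user-controlled.
const KNOWN_FIELDS = new Set(['thread_id', 'checkpoint_ns', 'checkpoint_id']);

// Build the TAG clauses for a filter object, e.g. { thread_id: 'abc' } becomes
// '@thread_id:{abc}'. With no clauses the match-all query '*' is returned.
function buildTagQuery(filter) {
  const clauses = [];
  for (const [field, value] of Object.entries(filter)) {
    if (!KNOWN_FIELDS.has(field)) throw new RangeError(`unknown filter field: ${field}`);
    clauses.push(`@${field}:{${escapeTagValue(value)}}`);
  }
  return clauses.length > 0 ? clauses.join(' ') : '*';
}

// Constructed demonstration value: it would close the TAG clause early and add
// a wildcard. Validation rejects it; escaping turns it into a literal string.
const tampered = 'abc}|*';
console.log(isSafeFilterValue(tampered));             // false
console.log(buildTagQuery({ thread_id: tampered }));  // @thread_id:{abc\}\|\*}
```

Use the validator as the first line of defence at the API boundary and the escaper as the last step before the query string is assembled; the two are independent, so a value that slips past a permissive allow-list is still neutralised by escaping.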
🔍 How to Verify
Check if Vulnerable:
Check package.json for @langchain/langgraph-checkpoint-redis version. If version < 1.0.2 and using filter functionality, you are vulnerable.
Check Version:
npm list @langchain/langgraph-checkpoint-redis
Verify Fix Applied:
Confirm package version is 1.0.2 or higher and test filter functionality with special characters to ensure proper escaping.
📡 Detection & Monitoring
Log Indicators:
- Unusual query patterns in Redis logs
- Failed query attempts with special characters
- Unexpected checkpoint access patterns
Network Indicators:
- Unusual Redis query traffic patterns
- Multiple failed query attempts
SIEM Query:
source="redis" AND (query="*[\" OR \"]*" OR query="*[\" AND \"]*")
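The "unusual query patterns" indicator above, made concrete as an added JavaScript example that is not part of the package or this advisory: it parses Redis MONITOR-style lines and flags FT.SEARCH calls whose query text is not a sequence of well-formed "@field:{value}" TAG clauses. The index name, field names and the sample lines are constructed for illustration; the MONITOR line layout (timestamp, database, client, then double-quoted arguments with Redis' own backslash escaping) is the real format.

```javascript
// Added example: scan Redis MONITOR-style log lines for FT.SEARCH queries whose
// filter text does not have the expected "@field:{value}" shape. Not part of
// @langchain/langgraph-checkpoint-redis; index and field names are assumed.

// One MONITOR line: <timestamp> [<db> <client>] "<cmd>" "<arg>" ... with quotes
// and backslashes inside arguments escaped by Redis.
function parseMonitorLine(line) {
  const m = /^(\S+) \[(\d+) ([^\]]+)\] (.*)$/.exec(line);
  if (m === null) return null;
  const args = [];
  const argRe = /"((?:[^"\\]|\\.)*)"/g;
  let a;
  while ((a = argRe.exec(m[4])) !== null) {
    args.push(a[1].replace(/\\(.)/g, '$1')); // undo Redis' own escaping
  }
  return { ts: m[1], db: m[2], client: m[3], args };
}

// A well-formed clause is "@field:{value}" where value contains only word
// characters or backslash-escaped characters. Anything else (a bare '|', an
// unescaped '*', a stray '}') is treated as suspicious.
const CLAUSE = /^@[A-Za-z_][A-Za-z0-9_]*:\{(?:[A-Za-z0-9_]|\\.)*\}$/;

function isSuspiciousQuery(query) {
  if (query === '*') return false;            // match-all listing is expected
  const clauses = query.split(/(?<!\\) /);    // split on unescaped spaces only
  return !clauses.every((c) => CLAUSE.test(c));
}

function findSuspiciousSearches(lines) {
  const hits = [];
  for (const line of lines) {
    const rec = parseMonitorLine(line);
    if (rec === null || rec.args.length < 3) continue;
    if (rec.args[0].toUpperCase() !== 'FT.SEARCH') continue;
    const query = rec.args[2];
    if (isSuspiciousQuery(query)) {
      hits.push({ ts: rec.ts, client: rec.client, index: rec.args[1], query });
    }
  }
  return hits;
}

// Constructed sample lines (not real traffic). Line 2 carries properly escaped
// special characters and must not alert; line 3 carries unescaped syntax.
const SAMPLE_MONITOR_LINES = [
  '1700000000.000001 [0 10.0.0.5:51000] "FT.SEARCH" "checkpoints" "@thread_id:{t1}"',
  '1700000000.000002 [0 10.0.0.5:51000] "FT.SEARCH" "checkpoints" "@thread_id:{t1\\\\}\\\\|\\\\*}"',
  '1700000000.000003 [0 10.0.0.9:51234] "FT.SEARCH" "checkpoints" "@thread_id:{t1}|*"',
  '1700000000.000004 [0 10.0.0.5:51000] "GET" "checkpoint:t1"',
];

console.log(findSuspiciousSearches(SAMPLE_MONITOR_LINES)); // one hit, from 10.0.0.9:51234
```

Running MONITOR continuously is expensive on a busy instance, so in practice the same check is better applied to a proxy or application-side query log; the parsing and the clause check stay the same.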
🔗 References
- https://github.com/langchain-ai/langgraphjs/commit/814c76dc3938d0f6f7e17ca3bc11d6a12270b2a1
- https://github.com/langchain-ai/langgraphjs/pull/1943
- https://github.com/langchain-ai/langgraphjs/releases/tag/@langchain/langgraph-checkpoint-redis@1.0.2
- https://github.com/langchain-ai/langgraphjs/security/advisories/GHSA-5mx2-w598-339m