CVE-2026-27794
📋 TL;DR
LangGraph Checkpoint versions before 4.0.0 contain a remote code execution vulnerability in the node-caching layer. An attacker who can write to the configured cache backend (for example a Redis instance with weak or no authentication, or a SQLite cache file that is writable by other users) can plant a crafted entry that the LangGraph process deserializes on the next cache hit, executing attacker-supplied code with the privileges of that process. Only applications that explicitly pass a cache backend to StateGraph.compile() and opt nodes into caching with CachePolicy reach the vulnerable code path; deployments without node caching are not affected.
💻 Affected Systems
- LangGraph Checkpoint
⚠️ Manual Verification Required
Automated scanners that rely on structured NVD version ranges may not flag this CVE: the affected range (langgraph-checkpoint before 4.0.0) comes from the vendor advisory rather than from machine-readable version data, and exposure additionally depends on application configuration (a cache backend plus CachePolicy on at least one node), which a package-version scan alone cannot see.
Why? The NVD entry does not carry vendor-supplied version ranges, so detection has to combine the installed package version with a review of how the application configures caching.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining code execution privileges equal to the LangGraph process, potentially leading to data theft, lateral movement, or complete system takeover.
Likely Case
Post-compromise privilege escalation where an attacker with initial access to cache infrastructure can execute arbitrary code on systems running vulnerable LangGraph applications.
If Mitigated
No impact if cache backends are properly secured with authentication, access controls, and network segmentation preventing unauthorized write access.
🎯 Exploit Status
Exploitation requires write access to cache storage layer, making this a post-compromise vector. Attack complexity depends on cache backend accessibility and permissions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.0.0
Vendor Advisory: https://github.com/langchain-ai/langgraph/security/advisories/GHSA-mhr3-j7m5-c7c9
Restart Required: Yes
Instructions:
1. Update langgraph-checkpoint to version 4.0.0 or later. Quote the requirement so the shell does not treat `>=` as a redirection: pip install --upgrade "langgraph-checkpoint>=4.0.0"
2. Restart all LangGraph application processes so the patched module is loaded (the old code stays in memory until then).
3. Verify the update with pip show langgraph-checkpoint and confirm the reported version is 4.0.0 or higher in every environment (containers, virtualenvs, worker nodes).
🔧 Temporary Workarounds
Disable caching
Applies to: all versions. Remove cache configuration from LangGraph applications to eliminate the vulnerable code path.
- Remove the cache=... parameter from StateGraph.compile() calls
- Remove CachePolicy configurations from nodes
Secure cache backends
Applies to: all versions. Implement strict access controls on cache infrastructure so that only the LangGraph process can write to it. This reduces exposure but does not remove the deserialization flaw; anyone who can still write to the cache retains code execution.
- Redis: require authentication (requirepass with a strong password, or Redis 6+ ACL users scoped to the cache keyspace), keep protected-mode enabled, and bind only to a private interface
- SQLite: the cache file and its directory must be writable by the LangGraph service account only; remove write (and ideally read) access for every other local user, since the process itself needs write access to populate the cache
- Network caches: restrict reachability with firewall rules to the application hosts and enforce authentication and TLS on the connection
🧯 If You Can't Patch
- Disable all caching functionality in LangGraph applications
- Implement network segmentation and strict access controls on all cache backends
🔍 How to Verify
Check if Vulnerable:
Both conditions must hold: langgraph-checkpoint is below 4.0.0, and the application passes a cache backend to StateGraph.compile(cache=...) while at least one node carries a CachePolicy. A vulnerable version without node caching enabled does not expose the code path, but should still be upgraded.
Check Version:
pip show langgraph-checkpoint | grep Version
Verify Fix Applied:
Confirm that langgraph-checkpoint reports 4.0.0 or higher in every runtime environment and that the processes have been restarted since the upgrade. If you chose the workaround instead, review the code to confirm that no cache=... argument remains on compile() calls and no CachePolicy remains on nodes.
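The two-part check above (package version plus caching configuration) is easy to get wrong by hand across many services, so here is an added audit helper that does both. It is example code written for this page, not code from the LangGraph project. It reads the installed version via importlib.metadata and statically scans application source for a cache= keyword on .compile() calls and for CachePolicy usage (as a CachePolicy(...) constructor call or a cache_policy= keyword on add_node, the latter being assumed from LangGraph's node-caching API). The two source snippets are constructed samples; the import paths inside them are only parsed, never executed. Pre-release suffixes such as 4.0.0rc1 are compared as their base release.

```python
"""Audit helper for CVE-2026-27794: flags deployments where
langgraph-checkpoint < 4.0.0 AND node caching is enabled.
Added example, not LangGraph project code."""
import ast
import re
from importlib import metadata
from typing import Dict, List, Optional

FIXED_VERSION = (4, 0, 0)


def parse_version(v: str) -> tuple:
    """Turn '3.1.2' (or '3.1.2rc1') into a comparable numeric tuple."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(g or 0) for g in m.groups())


def version_is_vulnerable(v: str) -> bool:
    """Everything before the fixed 4.0.0 release is in the affected range."""
    return parse_version(v) < FIXED_VERSION


def installed_version() -> Optional[str]:
    """Installed langgraph-checkpoint version, or None if not installed."""
    try:
        return metadata.version("langgraph-checkpoint")
    except metadata.PackageNotFoundError:
        return None


def uses_node_caching(source: str) -> Dict[str, bool]:
    """Statically find the two things that together enable the vulnerable
    code path: a cache backend on .compile(cache=...) and a CachePolicy on a node."""
    found = {"compile_cache": False, "cache_policy": False}
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        kwargs = {kw.arg for kw in node.keywords}
        if name == "compile" and "cache" in kwargs:
            found["compile_cache"] = True
        if name == "CachePolicy":
            found["cache_policy"] = True
        # cache_policy= on add_node is assumed to be how a node opts in
        if name == "add_node" and "cache_policy" in kwargs:
            found["cache_policy"] = True
    return found


def assess(version: Optional[str], sources: List[str]) -> str:
    """Combine the version check with the configuration scan."""
    if version is None:
        return "not-installed"
    if not version_is_vulnerable(version):
        return "patched"
    hits = [uses_node_caching(s) for s in sources]
    if any(h["compile_cache"] for h in hits) and any(h["cache_policy"] for h in hits):
        return "vulnerable"
    return "vulnerable-version-but-caching-not-enabled"


# Constructed sample application sources (parsed only, never executed).
SAMPLE_VULNERABLE = '''
from langgraph.graph import StateGraph
from langgraph.types import CachePolicy
from langgraph.cache.sqlite import SqliteCache
builder = StateGraph(dict)
builder.add_node("expensive", run, cache_policy=CachePolicy(ttl=120))
graph = builder.compile(cache=SqliteCache(path="/var/cache/lg.db"))
'''

SAMPLE_SAFE = '''
from langgraph.graph import StateGraph
builder = StateGraph(dict)
builder.add_node("expensive", run)
graph = builder.compile()
'''

if __name__ == "__main__":
    # Real run: installed version against the constructed samples.
    print("installed:", installed_version())
    for label, src in (("vulnerable sample", SAMPLE_VULNERABLE), ("safe sample", SAMPLE_SAFE)):
        print(label, "->", assess("3.0.0", [src]))
```

In a real audit, replace the constructed samples with the contents of your application's Python files and pass installed_version() into assess(); run it inside each virtualenv or container, since the package version can differ per environment.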
📡 Detection & Monitoring
Log Indicators:
- Unexpected cache deserialization errors
- Unusual cache write patterns from unauthorized sources
- Process execution anomalies following cache reads
Network Indicators:
- Unauthorized connections to cache backends
- Suspicious data writes to Redis/SQLite cache endpoints
SIEM Query:
Correlate process-creation or child-process events on LangGraph hosts with preceding cache read operations by the LangGraph process; a new shell or network-capable child spawned by an application worker shortly after a cache hit is the pattern to alert on. Pair this with authentication failures and writes from unexpected client addresses in the cache backend's own logs.
🔗 References
- https://github.com/langchain-ai/langgraph/commit/f91d79d0c86932ded6e3b9f195d5a0bbd5aef99c
- https://github.com/langchain-ai/langgraph/pull/6677
- https://github.com/langchain-ai/langgraph/releases/tag/checkpoint%3D%3D4.0.0
- https://github.com/langchain-ai/langgraph/security/advisories/GHSA-mhr3-j7m5-c7c9