CVE-2026-28277
📋 TL;DR
CVE-2026-28277 is a deserialization vulnerability in LangGraph SQLite Checkpoint that allows arbitrary code execution when loading maliciously crafted checkpoint data. Attackers who gain write access to the SQLite database can inject payloads that execute during deserialization. This affects users of LangGraph versions 1.0.9 and earlier who use SQLite checkpointing.
💻 Affected Systems
- LangGraph SQLite Checkpoint
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full remote code execution with the privileges of the LangGraph process, potentially leading to complete system compromise, data theft, or ransomware deployment.
Likely Case
Limited code execution within the application context if attackers gain database write access through other vulnerabilities or misconfigurations.
If Mitigated
No impact if database access is properly secured and checkpoint data cannot be modified by unauthorized users.
🎯 Exploit Status
Exploitation requires write access to the SQLite database and knowledge of msgpack serialization vulnerabilities.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: None
Vendor Advisory: https://github.com/langchain-ai/langgraph/security/advisories/GHSA-g48c-2wqr-h844
Restart Required: Yes
Instructions:
No official patch available. Monitor the LangGraph repository for updates and apply when released.
🔧 Temporary Workarounds
Disable SQLite Checkpointing
Switch to an alternative checkpointing method, or disable checkpointing entirely if it is not required.
Modify the LangGraph configuration to use a different checkpointer or set checkpointing to false.
Database Access Controls
Restrict write access to the SQLite database files to trusted processes and users only.
chmod 600 checkpoint.db
chown appuser:appgroup checkpoint.db
🧯 If You Can't Patch
- Implement strict database access controls and monitor for unauthorized modifications
- Use application-level encryption for checkpoint data to detect tampering
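As an added illustration of the "detect tampering" workaround above (stand-alone example code, not LangGraph's own checkpointer): every blob written to SQLite is prefixed with an HMAC-SHA256 tag under a key held by the application, and the tag is verified before the bytes reach any deserializer, so a blob rewritten by a party without the key is rejected instead of being loaded. The checkpoints table layout and the use of JSON as a stand-in for msgpack are assumptions.

```python
# Added example: authenticate checkpoint blobs so out-of-band edits to the
# SQLite file are rejected before deserialization. Table layout is assumed.
import hashlib
import hmac
import json
import sqlite3

TAG_LEN = 32  # HMAC-SHA256 tag prepended to every stored blob


class TamperedCheckpoint(Exception):
    """Raised when a stored blob fails integrity verification."""


def seal(key: bytes, blob: bytes) -> bytes:
    return hmac.new(key, blob, hashlib.sha256).digest() + blob


def unseal(key: bytes, sealed: bytes) -> bytes:
    tag, blob = sealed[:TAG_LEN], sealed[TAG_LEN:]
    expected = hmac.new(key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time compare
        raise TamperedCheckpoint("checkpoint blob failed HMAC verification")
    return blob


class AuthenticatedStore:
    """Minimal (assumed) checkpoint table: thread_id -> sealed blob."""

    def __init__(self, key: bytes, path: str = ":memory:"):
        self.key, self.conn = key, sqlite3.connect(path)
        self.conn.execute("CREATE TABLE IF NOT EXISTS checkpoints "
                          "(thread_id TEXT PRIMARY KEY, blob BLOB NOT NULL)")

    def put(self, thread_id: str, state: dict) -> None:
        blob = json.dumps(state).encode()  # JSON stands in for msgpack here
        self.conn.execute("INSERT OR REPLACE INTO checkpoints VALUES (?, ?)",
                          (thread_id, seal(self.key, blob)))
        self.conn.commit()

    def get(self, thread_id: str) -> dict:
        row = self.conn.execute("SELECT blob FROM checkpoints WHERE thread_id = ?",
                                (thread_id,)).fetchone()
        return json.loads(unseal(self.key, row[0]))  # verify before decoding


def demo() -> bool:
    """Round-trip a checkpoint, corrupt one byte in the DB, confirm rejection."""
    store = AuthenticatedStore(key=b"constructed-demo-key")
    store.put("thread-1", {"step": 3, "messages": ["hi"]})
    assert store.get("thread-1") == {"step": 3, "messages": ["hi"]}
    sealed = store.conn.execute("SELECT blob FROM checkpoints").fetchone()[0]
    corrupted = sealed[:-1] + bytes([sealed[-1] ^ 0x01])  # simulated file edit
    store.conn.execute("UPDATE checkpoints SET blob = ?", (corrupted,))
    try:
        store.get("thread-1")
    except TamperedCheckpoint:
        return True
    return False
```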
🔍 How to Verify
Check if Vulnerable:
Check whether you are using LangGraph SQLite Checkpoint version 1.0.9 or earlier by examining your package dependencies.
Check Version:
pip show langgraph-checkpoint-sqlite | grep Version
Verify Fix Applied:
Verify that you have upgraded to a version later than 1.0.9, once one is available, and confirm that SQLite checkpointing is properly configured.
📡 Detection & Monitoring
Log Indicators:
- Unexpected Python object reconstruction errors
- Database modification timestamps from unauthorized sources
Network Indicators:
- Unusual database connection patterns
- SQLite file transfers to unexpected destinations
SIEM Query:
source="application.log" AND "msgpack" AND "deserialization error"