CVE-2026-27794

MEDIUM EPSS 48.4%
Published Feb 25, 20264mo ago · Modified Apr 15, 20262mo ago
6.6 CVSS 3.1
Medium
Find Similar
Published Feb 25, 2026 4mo ago
Last Modified Apr 15, 2026 2mo ago

Description

LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from `BaseCache` and opt nodes into caching via `CachePolicy`. Prior to `langgraph-checkpoint` 4.0.0, `BaseCache` defaults to `JsonPlusSerializer(pickle_fallback=True)`. When msgpack serialization fails, cached values can be deserialized via `pickle.loads(...)`. Caching is not enabled by default. Applications are affected only when the application explicitly enables a cache backend (for example by passing `cache=...` to `StateGraph.compile(...)` or otherwise configuring a `BaseCache` implementation), one or more nodes opt into caching via `CachePolicy`, and the attacker can write to the cache backend (for example a network-accessible Redis instance with weak/no auth, shared cache infrastructure reachable by other tenants/services, or a writable SQLite cache file). An attacker must be able to write attacker-controlled bytes into the cache backend such that the LangGraph process later reads and deserializes them. This typically requires write access to a networked cache (for example a network-accessible Redis instance with weak/no auth or shared cache infrastructure reachable by other tenants/services) or write access to local cache storage (for example a writable SQLite cache file via permissive file permissions or a shared writable volume). Because exploitation requires write access to the cache storage layer, this is a post-compromise / post-access escalation vector. LangGraph Checkpoint 4.0.0 patches the issue.

CVSS Details

Base Score
6.6
Exploitability
0.7
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
48.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-502 Deserialization of Untrusted Data Validation

References 4

  • github.com https://github.com/langchain-ai/langgraph/commit/f91d79d0c86932ded6e3b9f195d5a0bbd5aef99c
  • github.com https://github.com/langchain-ai/langgraph/pull/6677
  • github.com https://github.com/langchain-ai/langgraph/releases/tag/checkpoint%3D%3D4.0.0
  • github.com https://github.com/langchain-ai/langgraph/security/advisories/GHSA-mhr3-j7m5-c7c9

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.