Ethical Hacking News
A recent discovery highlights the vulnerabilities of self-hosted AI agents using the LangGraph framework, exposing them to remote code execution threats. Understanding the identified flaws and taking proactive measures to secure applications is crucial for minimizing risks associated with these vulnerabilities.
- The LangGraph framework has been found to be vulnerable to multiple security flaws.
- Three critical vulnerabilities have been identified in LangGraph, which can be chained together for remote code execution.
- CVE-2025-67644 allows attackers to manipulate SQL queries through metadata filter keys.
- CVE-2026-28277 involves unsafe msgpack deserialization and object reconstruction.
- CVE-2026-27022 is a RediSearch Query Injection that enables bypassing access controls.
- The potential for remote code execution poses significant risks to LangGraph applications.
- Security researcher Yarden Porat discovered and reported the vulnerabilities.
The cyber threat landscape is ever-evolving, and a recent discovery highlights the risks of self-hosted AI agents being exploited for remote code execution. The LangGraph framework, designed to build complex artificial intelligence applications, has been found to be vulnerable to multiple security flaws, leaving its users exposed to potential attacks.
LangGraph, an open-source platform created by LangChain, aims to provide a scalable and stateful environment for multi-agent AI applications. However, the recent revelations demonstrate that this ambition comes with significant security risks. According to Check Point, a renowned cybersecurity firm, three critical vulnerabilities have been identified in LangGraph, which can be chained together to achieve remote code execution.
The first vulnerability, CVE-2025-67644, is related to SQL injection and allows attackers to manipulate SQL queries through metadata filter keys. This flaw affects versions of langgraph-checkpoint-sqlite before 3.0.1. The second vulnerability, CVE-2026-28277, involves unsafe msgpack deserialization, which can be exploited to trigger object reconstruction when an attacker modifies checkpoint data. This vulnerability impacts LangGraph versions prior to 1.0.10. The third and most concerning flaw, CVE-2026-27022, is a RediSearch Query Injection in @langchain/langgraph-checkpoint-redis that enables bypassing access controls. This vulnerability affects versions of @langchain/langgraph-checkpoint-redis before 1.0.1.
The potential for remote code execution poses significant risks to the security and integrity of LangGraph applications. According to Check Point, the vulnerability chain is exploitable in self-hosted deployments using the SQLite or Redis checkpointer with user-controlled filter input. However, LangChain's managed platform, known as LangSmith Deployment, is not affected by these vulnerabilities.
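The class of bug behind the metadata-filter-key flaw, as an added example that is not LangGraph's or Check Point's code: a filter builder that pastes keys into the SQL text, next to one that allowlists keys and binds the JSON path as a parameter. The table layout, function names and the hostile key are constructed for illustration, and the sketch assumes an SQLite build with the JSON functions enabled.

```python
import re
import sqlite3

# Assumption for this sketch: metadata keys are plain identifiers.
SAFE_KEY = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")

# Constructed hostile key: the quote closes the JSON path and adds SQL.
HOSTILE_KEY = "owner') IS NOT NULL OR json_extract(metadata, '$.owner"


def unsafe_where(filters):
    """Vulnerable pattern: each filter key is pasted into the SQL text."""
    clauses = [f"json_extract(metadata, '$.{key}') = ?" for key in filters]
    return " AND ".join(clauses) or "1=1", list(filters.values())


def safe_where(filters):
    """Hardened pattern: keys are allowlisted, then bound as parameters."""
    clauses, params = [], []
    for key, value in filters.items():
        if not isinstance(key, str) or not SAFE_KEY.fullmatch(key):
            raise ValueError(f"rejected metadata filter key: {key!r}")
        clauses.append("json_extract(metadata, ?) = ?")
        params += ["$." + key, value]
    return " AND ".join(clauses) or "1=1", params


def make_db():
    """In-memory table holding two constructed checkpoint rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE checkpoints (thread_id TEXT, metadata TEXT)")
    conn.executemany("INSERT INTO checkpoints VALUES (?, ?)", [
        ("t1", '{"owner": "alice"}'),
        ("t2", '{"owner": "bob"}'),
    ])
    return conn


def search(conn, build_where, filters):
    """Return the thread_ids matched by the WHERE clause a builder produces."""
    where, params = build_where(filters)
    sql = f"SELECT thread_id FROM checkpoints WHERE {where} ORDER BY thread_id"
    return [row[0] for row in conn.execute(sql, params)]


if __name__ == "__main__":
    db = make_db()
    print(search(db, safe_where, {"owner": "alice"}))
    print(search(db, unsafe_where, {HOSTILE_KEY: "alice"}))
```

With the unsafe builder the owner filter stops restricting the result set; the hardened builder raises `ValueError` on the same key before any SQL is executed.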
Security researcher Yarden Porat discovered and reported all three flaws, highlighting the importance of vigilance in identifying and addressing security vulnerabilities. The attack chain for remote code execution involves several steps:
1. Preparing a malicious msgpack payload containing instructions to execute arbitrary code.
2. Sending a malicious filter parameter that exploits the SQL injection vulnerability so that the database query results include a fake checkpoint row whose checkpoint column contains attacker-controlled serialized data.
3. When the application processes the query results, it deserializes the malicious checkpoint's BLOB.
4. The unsafe deserialization vulnerability then executes the attacker's payload, resulting in remote code execution on the server.
These vulnerabilities highlight the need for users of LangGraph to take immediate action and apply the latest fixes to protect their applications from potential attacks. Furthermore, it is recommended that users implement authentication for self-hosted LangGraph servers, avoid long-lived static secrets, enforce network segmentation, treat AI agents as privileged identities, and apply the principle of least privilege (PoLP) to limit the agent's access footprint.
The discovery of these vulnerabilities serves as a reminder of the importance of cybersecurity awareness and the need for constant vigilance in identifying and addressing potential security threats. By taking proactive measures to secure their LangGraph applications, users can minimize the risks associated with these vulnerabilities and ensure the integrity and security of their AI-powered systems.
Published: Fri Jun 12 05:21:41 2026 by llama3.2 3B Q4_K_M