{"id":271034,"date":"2026-06-12T05:50:00","date_gmt":"2026-06-12T09:50:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/12\/langgraph-flaw-chain-exposes-self-hosted-ai-agents-to-remote-code-execution\/"},"modified":"2026-06-12T06:35:23","modified_gmt":"2026-06-12T10:35:23","slug":"langgraph-flaw-chain-exposes-self-hosted-ai-agents-to-remote-code-execution","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/12\/langgraph-flaw-chain-exposes-self-hosted-ai-agents-to-remote-code-execution\/","title":{"rendered":"LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/langgraph-flaw-chain-exposes-self.html\">LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/langgraph-flaw-chain-exposes-self.html\">https:\/\/thehackernews.com\/2026\/06\/langgraph-flaw-chain-exposes-self.html<\/a><\/p>\n<p>Publish Date: 2026-06-12 05:50:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\"><span class=\"author\">Ravie Lakshmanan<\/span> <span class=\"author\">Jun 12, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ AI Security<\/span><\/p>\n<p>Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution.<\/p>\n<p>LangGraph is an open-source framework created by LangChain to build complex, stateful, and multi-agent artificial intelligence (AI) agentic applications.<\/p>\n<p>&#8220;An SQL injection in LangGraph&#8217;s function could allow attackers to gain full control via remote code execution of a server by exploiting weaknesses in how the system processes and handles data,&#8221; Check Point 
said.<\/p>\n<p>The list of identified vulnerabilities is as follows &#8211;<\/p>\n<ul>\n<li>CVE-2025-67644 (CVSS score: 7.3) &#8211; A SQL injection vulnerability exists in LangGraph&#8217;s SQLite checkpoint implementation that allows attackers to manipulate SQL queries through metadata filter keys. (Affects langgraph-checkpoint-sqlite versions before 3.0.1)<\/li>\n<li>CVE-2026-28277 (CVSS score: 6.8) &#8211; An unsafe msgpack deserialization vulnerability in LangGraph that could be used to trigger object reconstruction when a checkpoint is loaded by an attacker who can modify checkpoint data. (Affects langgraph versions before 1.0.10)<\/li>\n<li>CVE-2026-27022 (CVSS score: 6.5) &#8211; A RediSearch Query Injection in @langchain\/langgraph-checkpoint-redis that can be used to bypass access controls. (Affects @langchain\/langgraph-checkpoint-redis versions before 1.0.1)<\/li>\n<\/ul>\n<p>&#8220;The vulnerability chain is exploitable in self-hosted deployments using the SQLite or Redis checkpointer with user-controlled filter input,&#8221; Check Point said. 
&#8220;LangChain&#8217;s managed platform (LangSmith Deployment), is not affected.&#8221;<\/p>\n<p>Security researcher Yarden Porat, who is credited with discovering and reporting all three flaws, said CVE-2025-67644 and CVE-2026-28277 could be chained to achieve remote code execution.<\/p>\n<p>Specifically, the attack chain hinges on the application exposing the get_state_history() endpoint, which then allows an attacker to retrieve&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/langgraph-flaw-chain-exposes-self.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution https:\/\/thehackernews.com\/2026\/06\/langgraph-flaw-chain-exposes-self.html Publish Date: 2026-06-12&#8230;<\/p>\n","protected":false},"author":1,"featured_media":271036,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEifnUd6CRFC-YdhoEDgmNoLtKUYjbZvqQJOETqK59Zd5Pk_epd9uGMfPCrujB3grOrajNxMls_p7TWQwnyCxFo1Ou8MM70yUh3dP04776sp-xk3O8544Z9YD-v_konqCTv1eX_42iMBkr4j5c-h0_I5dyBWvrr_3jrphGH3xLcZgaDAN1uH8OA5rWerJE5B\/s1600\/langgraph.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24,27],"class_list":["post-271034","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/271034"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/i
ndex.php\/wp-json\/wp\/v2\/comments?post=271034"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/271034\/revisions"}],"predecessor-version":[{"id":271038,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/271034\/revisions\/271038"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/271036"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=271034"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=271034"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=271034"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}