LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution
June 12, 2026
Vulnerability / AI Security
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution.

LangGraph is an open-source framework created by LangChain to build complex, stateful, and multi-agent artificial intelligence (AI) agentic applications.

"An SQL injection in LangGraph's function could allow attackers to gain full control via remote code execution of a server by exploiting weaknesses in how the system processes and handles data," Check Point said.

The list of identified vulnerabilities is as follows -

- CVE-2025-67644 (CVSS score: 7.3) - A SQL injection vulnerability exists in LangGraph's SQLite checkpoint implementation that allows attackers to manipulate SQL queries through metadata filter keys. (Affects langgraph-checkpoint-sqlite versions before 3.0.1)
- CVE-2026-28277 (CVSS score: 6.8) - An unsafe msgpack deserialization vulnerability in LangG...
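The CVE-2025-67644 description above concerns metadata filter keys reaching the SQL text. The following is an added example, not LangGraph's code: it contrasts a builder that pastes filter keys into the query with one that validates keys and binds the JSON path as a parameter. The table layout, the function names and the key grammar are assumptions made for illustration.

```python
import json
import re
import sqlite3

# Hypothetical schema and helper names; not langgraph-checkpoint-sqlite code.
KEY_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # assumed key grammar


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE checkpoints (thread_id TEXT, metadata TEXT)")
    rows = [  # constructed sample data
        ("t1", {"source": "input", "step": 1}),
        ("t2", {"source": "loop", "step": 2}),
    ]
    db.executemany(
        "INSERT INTO checkpoints VALUES (?, ?)",
        [(tid, json.dumps(meta)) for tid, meta in rows],
    )
    return db


def where_unsafe(flt):
    # Weak pattern: values are bound, but each key is pasted into the SQL text.
    clauses = [f"json_extract(metadata, '$.{k}') = ?" for k in flt]
    return " AND ".join(clauses) or "1", list(flt.values())


def where_safe(flt):
    # Hardened pattern: keys must match the allowlist grammar, and the JSON
    # path is bound as a parameter, so the SQL text never holds caller data.
    params = []
    for key, value in flt.items():
        if not isinstance(key, str) or not KEY_RE.fullmatch(key):
            raise ValueError(f"rejected metadata filter key: {key!r}")
        params += [f"$.{key}", value]
    clause = " AND ".join(["json_extract(metadata, ?) = ?"] * len(flt)) or "1"
    return clause, params


def search(db, flt, builder):
    clause, params = builder(flt)
    sql = f"SELECT thread_id FROM checkpoints WHERE {clause} ORDER BY thread_id"
    return [row[0] for row in db.execute(sql, params)]
```

With the unsafe builder, a key containing a quote character reaches the SQL parser and fails as a syntax error, which is a useful signal to look for in application logs; the safe builder rejects the same key before any query is built.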