CVE-2026-27022

Source
https://cve.org/CVERecord?id=CVE-2026-27022
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27022.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-27022
Aliases
Published
2026-02-20T21:06:53.773Z
Modified
2026-03-03T02:56:14.816337Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
RediSearch Query Injection in @langchain/langgraph-checkpoint-redis
Details

@langchain/langgraph-checkpoint-redis is the Redis checkpoint and store implementation for LangGraph. A query injection vulnerability exists in the package's filter handling. The RedisSaver and ShallowRedisSaver classes construct RediSearch queries by interpolating user-provided filter keys and values directly into the query string without escaping them. RediSearch reserves a set of syntax characters that change how a query is parsed, so when user-controlled data contains these characters the query logic can be altered and intended access controls bypassed. This vulnerability is fixed in version 1.0.2.
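
An added example, not code from the package or from this advisory, contrasting the raw-interpolation pattern described above with a builder that validates filter keys and backslash-escapes TAG values. The special-character set follows RediSearch's documented escaping rules for TAG fields; the metadata-as-TAG-field layout and the function names are assumptions for illustration.

```typescript
// Added illustration of the bug class in CVE-2026-27022; not the package's code.
// Assumption: checkpoint metadata filters map onto RediSearch TAG fields and
// are queried as "@field:{value}" clauses joined by whitespace (AND).

// Characters RediSearch's query parser treats as syntax or token separators.
// Per RediSearch escaping docs: , . < > { } [ ] " ' : ; ! @ # $ % ^ & * ( ) - + = ~
// plus whitespace; '|', '/' and '\' are escaped as well (assumption: harmless).
const REDISEARCH_SPECIAL = /[,.<>{}\[\]"':;!@#$%^&*()\-+=~\s|\/\\]/g;

// Escape a TAG value so every reserved character is matched literally.
function escapeTagValue(value: string): string {
  return value.replace(REDISEARCH_SPECIAL, (ch) => `\\${ch}`);
}

// Filter keys become field names; only allow identifier-shaped keys rather
// than trying to escape them, since a key is part of the query structure.
const SAFE_FIELD = /^[A-Za-z_][A-Za-z0-9_]*$/;

function escapeFieldName(key: string): string {
  if (!SAFE_FIELD.test(key)) {
    throw new Error(`refusing to interpolate filter key: ${JSON.stringify(key)}`);
  }
  return key;
}

// Vulnerable pattern: keys and values are dropped straight into query syntax,
// so any reserved character in user input is parsed as part of the query.
function buildFilterUnsafe(filter: Record<string, string>): string {
  return Object.keys(filter)
    .map((k) => `@${k}:{${filter[k]}}`)
    .join(" ");
}

// Hardened pattern: validated keys, escaped values, same query shape.
function buildFilterSafe(filter: Record<string, string>): string {
  return Object.keys(filter)
    .map((k) => `@${escapeFieldName(k)}:{${escapeTagValue(filter[k])}}`)
    .join(" ");
}

// Constructed sample input: a realistic metadata value containing '@' and '.'.
const sampleFilter = { user_id: "user@example.com" };
console.log(buildFilterUnsafe(sampleFilter)); // reserved chars left raw
console.log(buildFilterSafe(sampleFilter));   // @user_id:{user\@example\.com}
```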

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27022.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-74"
    ]
}
References

Affected packages

Git / github.com/langchain-ai/langgraphjs

Affected ranges

Type
GIT
Repo
https://github.com/langchain-ai/langgraphjs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*
0.0.10
0.0.11
0.0.12
0.0.13
0.0.14
0.0.15
0.0.16
0.0.17
0.0.18
0.0.19
0.0.21
0.0.22
0.0.28
0.0.29
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.0.9
0.1.0
0.1.1
0.1.5
0.2.10
0.2.11
0.2.12
0.2.13
0.2.15
0.2.17
0.2.18
0.2.21
0.2.22
0.2.24
0.2.26
0.2.3
0.2.30
0.2.31
0.2.37
0.2.4
0.2.42
0.2.43
0.2.44
0.2.45
0.2.5
0.2.51
0.2.52
0.2.53
0.2.54
0.2.55
0.2.58
0.2.59
0.2.6
0.2.60
0.2.61
0.2.62
0.2.63
0.2.64
0.2.65
0.2.68
0.2.69
0.2.7
0.2.70
0.2.71
0.2.72
0.2.73
0.2.74
0.2.8
0.2.9
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.6
@langchain/langgraph-api@0.*
@langchain/langgraph-api@0.0.42
@langchain/langgraph-api@0.0.43
@langchain/langgraph-api@1.*
@langchain/langgraph-api@1.1.10
@langchain/langgraph-api@1.1.11
@langchain/langgraph-api@1.1.8
@langchain/langgraph-api@1.1.9
@langchain/langgraph-checkpoint-mongodb@1.*
@langchain/langgraph-checkpoint-mongodb@1.1.4
@langchain/langgraph-checkpoint-mongodb@1.1.5
@langchain/langgraph-checkpoint-mongodb@1.1.6
@langchain/langgraph-checkpoint-postgres==0.*
@langchain/langgraph-checkpoint-postgres==0.0.5
@langchain/langgraph-checkpoint-sqlite@1.*
@langchain/langgraph-checkpoint-sqlite@1.0.1
@langchain/langgraph-checkpoint-validation@1.*
@langchain/langgraph-checkpoint-validation@1.0.6
@langchain/langgraph-checkpoint-validation@1.0.7
@langchain/langgraph-checkpoint-validation@1.0.8
@langchain/langgraph-checkpoint-validation@1.0.9
@langchain/langgraph-cli@0.*
@langchain/langgraph-cli@0.0.42
@langchain/langgraph-cli@0.0.43
@langchain/langgraph-cli@1.*
@langchain/langgraph-cli@1.1.10
@langchain/langgraph-cli@1.1.11
@langchain/langgraph-cli@1.1.8
@langchain/langgraph-cli@1.1.9
@langchain/langgraph-sdk@0.*
@langchain/langgraph-sdk@0.0.90
@langchain/langgraph-sdk@1.*
@langchain/langgraph-sdk@1.4.4
@langchain/langgraph-sdk@1.4.5
@langchain/langgraph-sdk@1.4.6
@langchain/langgraph-sdk@1.5.0
@langchain/langgraph-sdk@1.5.1
@langchain/langgraph-sdk@1.5.2
@langchain/langgraph-sdk@1.5.3
@langchain/langgraph-sdk@1.5.4
@langchain/langgraph-sdk@1.5.5
@langchain/langgraph-ui@0.*
@langchain/langgraph-ui@0.0.42
@langchain/langgraph-ui@0.0.43
@langchain/langgraph-ui@1.*
@langchain/langgraph-ui@1.1.10
@langchain/langgraph-ui@1.1.11
@langchain/langgraph-ui@1.1.8
@langchain/langgraph-ui@1.1.9
@langchain/langgraph@1.*
@langchain/langgraph@1.0.12
@langchain/langgraph@1.0.13
@langchain/langgraph@1.0.14
@langchain/langgraph@1.0.15
@langchain/langgraph@1.1.0
@langchain/langgraph@1.1.1
@langchain/langgraph@1.1.2
@langchain/langgraph@1.1.3
@langgraph-supervisor@0.*
@langgraph-supervisor@0.0.14
checkpoint-mongodb=0.*
checkpoint-mongodb=0.0.5
checkpoint-mongodb==0.*
checkpoint-mongodb==0.0.6
checkpoint-postgres==0.*
checkpoint-postgres==0.0.3
checkpoint-postgres==0.0.5
checkpoint-sqlite==0.*
checkpoint-sqlite==0.1.4
checkpoint-sqlite==0.1.5
checkpoint==0.*
checkpoint==0.0.15
checkpoint==0.0.16
checkpoint==0.0.18
create-langgraph@1.*
create-langgraph@1.1.3
create-langgraph@1.1.4
create-langgraph@1.1.5
cua==0.*
cua==0.0.6
supervisor==0.*
supervisor==0.0.10
supervisor==0.0.11
supervisor==0.0.12
supervisor==0.0.13
supervisor==0.0.14
supervisor==0.0.5
supervisor==0.0.6
supervisor==0.0.7
supervisor==0.0.8
supervisor==0.0.9
swarm==0.*
swarm==0.0.1
swarm==0.0.2
swarm==0.0.3
swarm==0.0.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27022.json"