CVE-2026-27794

Source
https://cve.org/CVERecord?id=CVE-2026-27794
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27794.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-27794
Aliases
Published
2026-02-25T16:53:47.176Z
Modified
2026-03-01T01:34:31.956908Z
Severity
  • 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution
Details

LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to langgraph-checkpoint 4.0.0, BaseCache defaults to JsonPlusSerializer(pickle_fallback=True). When msgpack serialization fails, cached values can be deserialized via pickle.loads(...).

Caching is not enabled by default. Applications are affected only when the application explicitly enables a cache backend (for example by passing cache=... to StateGraph.compile(...) or otherwise configuring a BaseCache implementation), one or more nodes opt into caching via CachePolicy, and the attacker can write to the cache backend (for example a network-accessible Redis instance with weak/no auth, shared cache infrastructure reachable by other tenants/services, or a writable SQLite cache file).

An attacker must be able to write attacker-controlled bytes into the cache backend such that the LangGraph process later reads and deserializes them. This typically requires write access to a networked cache (for example a network-accessible Redis instance with weak/no auth or shared cache infrastructure reachable by other tenants/services) or write access to local cache storage (for example a writable SQLite cache file via permissive file permissions or a shared writable volume).

Because exploitation requires write access to the cache storage layer, this is a post-compromise / post-access escalation vector. LangGraph Checkpoint 4.0.0 patches the issue.
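The following is an added example, not part of this record or of the LangGraph project. It audits two of the conditions described above on a POSIX host: whether the installed langgraph-checkpoint is older than 4.0.0, and whether a local cache file or its directory is writable by group or other users. The function names and the `cache_path` argument are hypothetical.

```python
import os
import re
import stat
from importlib import metadata

FIXED = (4, 0, 0)  # first patched langgraph-checkpoint release per the advisory


def is_affected(version):
    """True if a langgraph-checkpoint version string sorts before 4.0.0."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (len(FIXED) - len(release))
    # Pre-releases of the fixed version (4.0.0rc1, 4.0.0.dev1) sort before it.
    is_pre = re.match(r"\.?(a|b|rc|dev)", m.group(2)) is not None
    return release < FIXED or (release == FIXED and is_pre)


def installed_version(dist="langgraph-checkpoint"):
    """Installed version of the distribution, or None when it is absent."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


def writable_by_others(cache_path):
    """Report the cache file and its directory if group/other users can write them."""
    findings = []
    for p in (cache_path, os.path.dirname(os.path.abspath(cache_path))):
        mode = os.stat(p).st_mode
        # A sticky directory (e.g. /tmp) does not let others replace our file.
        sticky_dir = stat.S_ISDIR(mode) and bool(mode & stat.S_ISVTX)
        if mode & (stat.S_IWGRP | stat.S_IWOTH) and not sticky_dir:
            findings.append(f"{p} mode {stat.S_IMODE(mode):04o}")
    return findings


def audit(cache_path, version=None):
    """Combine both checks; cache_path is a hypothetical SQLite cache file."""
    version = version or installed_version()
    return {"version": version,
            "affected_version": version is not None and is_affected(version),
            "writable_paths": writable_by_others(cache_path)}
```

Call `audit("/path/to/cache.db")` inside the environment that runs the application. It does not cover networked backends such as Redis, whose authentication and network exposure have to be reviewed separately.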

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-502"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27794.json"
}
References

Affected packages

Git / github.com/langchain-ai/langgraph

Affected ranges

Type
GIT
Repo
https://github.com/langchain-ai/langgraph
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*
0.1.10
0.1.11
0.1.12
0.1.13
0.1.14
0.1.15
0.1.16
0.1.17
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.2.0
0.2.1
0.2.10
0.2.11
0.2.12
0.2.13
0.2.15
0.2.16
0.2.17
0.2.18
0.2.19
0.2.2
0.2.20
0.2.21
0.2.22
0.2.23
0.2.24
0.2.25
0.2.26
0.2.27
0.2.28
0.2.29
0.2.3
0.2.30
0.2.31
0.2.32
0.2.33
0.2.34
0.2.35
0.2.36
0.2.37
0.2.38
0.2.39
0.2.4
0.2.40
0.2.41
0.2.42
0.2.43
0.2.44
0.2.45
0.2.46
0.2.47
0.2.48
0.2.49
0.2.5
0.2.50
0.2.51
0.2.52
0.2.53
0.2.54
0.2.55
0.2.56
0.2.57
0.2.58
0.2.59
0.2.6
0.2.60
0.2.61
0.2.62
0.2.63
0.2.64
0.2.65
0.2.66
0.2.67
0.2.68
0.2.69
0.2.7
0.2.70
0.2.71
0.2.72
0.2.73
0.2.74
0.2.75
0.2.76
0.2.9
0.3.0
0.3.1
0.3.10
0.3.11
0.3.12
0.3.13
0.3.14
0.3.15
0.3.16
0.3.17
0.3.18
0.3.19
0.3.2
0.3.20
0.3.21
0.3.22
0.3.23
0.3.24
0.3.25
0.3.26
0.3.27
0.3.28
0.3.29
0.3.3
0.3.30
0.3.31
0.3.32
0.3.34
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.5.0
0.5.0rc0
0.5.0rc1
0.5.1
0.5.2
0.5.3
0.5.4
0.6.0
0.6.0a1
0.6.0a2
0.6.1
0.6.10
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
1.*
1.0.0
1.0.0rc1
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
checkpoint==1.*
checkpoint==1.0.0
checkpoint==1.0.1
checkpoint==1.0.10
checkpoint==1.0.11
checkpoint==1.0.12
checkpoint==1.0.13
checkpoint==1.0.14
checkpoint==1.0.2
checkpoint==1.0.3
checkpoint==1.0.4
checkpoint==1.0.7
checkpoint==1.0.8
checkpoint==1.0.9
checkpoint==2.*
checkpoint==2.0.0
checkpoint==2.0.1
checkpoint==2.0.10
checkpoint==2.0.12
checkpoint==2.0.13
checkpoint==2.0.14
checkpoint==2.0.15
checkpoint==2.0.16
checkpoint==2.0.17
checkpoint==2.0.18
checkpoint==2.0.19
checkpoint==2.0.2
checkpoint==2.0.20
checkpoint==2.0.21
checkpoint==2.0.22
checkpoint==2.0.23
checkpoint==2.0.24
checkpoint==2.0.25
checkpoint==2.0.26
checkpoint==2.0.3
checkpoint==2.0.4
checkpoint==2.0.5
checkpoint==2.0.6
checkpoint==2.0.7
checkpoint==2.0.8
checkpoint==2.0.9
checkpoint==2.1.0
checkpoint==2.1.1
checkpoint==2.1.2
checkpoint==3.*
checkpoint==3.0.0
checkpoint==3.0.1
checkpointduckdb==2.*
checkpointduckdb==2.0.0
checkpointduckdb==2.0.1
checkpointduckdb==2.0.2
checkpointpostgres==1.*
checkpointpostgres==1.0.0
checkpointpostgres==1.0.1
checkpointpostgres==1.0.10
checkpointpostgres==1.0.11
checkpointpostgres==1.0.2
checkpointpostgres==1.0.3
checkpointpostgres==1.0.4
checkpointpostgres==1.0.5
checkpointpostgres==1.0.6
checkpointpostgres==1.0.7
checkpointpostgres==1.0.8
checkpointpostgres==1.0.9
checkpointpostgres==2.*
checkpointpostgres==2.0.0
checkpointpostgres==2.0.1
checkpointpostgres==2.0.10
checkpointpostgres==2.0.11
checkpointpostgres==2.0.12
checkpointpostgres==2.0.13
checkpointpostgres==2.0.14
checkpointpostgres==2.0.15
checkpointpostgres==2.0.16
checkpointpostgres==2.0.17
checkpointpostgres==2.0.18
checkpointpostgres==2.0.19
checkpointpostgres==2.0.2
checkpointpostgres==2.0.20
checkpointpostgres==2.0.21
checkpointpostgres==2.0.22
checkpointpostgres==2.0.23
checkpointpostgres==2.0.24
checkpointpostgres==2.0.25
checkpointpostgres==2.0.3
checkpointpostgres==2.0.4
checkpointpostgres==2.0.5
checkpointpostgres==2.0.6
checkpointpostgres==2.0.7
checkpointpostgres==2.0.8
checkpointpostgres==2.0.9
checkpointpostgres==3.*
checkpointpostgres==3.0.0
checkpointpostgres==3.0.1
checkpointpostgres==3.0.2
checkpointsqlite==1.*
checkpointsqlite==1.0.0
checkpointsqlite==1.0.1
checkpointsqlite==1.0.2
checkpointsqlite==1.0.3
checkpointsqlite==1.0.4
checkpointsqlite==2.*
checkpointsqlite==2.0.0
checkpointsqlite==2.0.1
checkpointsqlite==2.0.10
checkpointsqlite==2.0.11
checkpointsqlite==2.0.2
checkpointsqlite==2.0.3
checkpointsqlite==2.0.4
checkpointsqlite==2.0.5
checkpointsqlite==2.0.6
checkpointsqlite==2.0.7
checkpointsqlite==2.0.8
checkpointsqlite==2.0.9
checkpointsqlite==3.*
checkpointsqlite==3.0.0
checkpointsqlite==3.0.1
cli==0.*
cli==0.1.40
cli==0.1.41
cli==0.1.42
cli==0.1.44
cli==0.1.45
cli==0.1.45a0
cli==0.1.45a1
cli==0.1.46
cli==0.1.47
cli==0.1.48
cli==0.1.49
cli==0.1.50
cli==0.1.51
cli==0.1.52
cli==0.1.53
cli==0.1.54
cli==0.1.55
cli==0.1.55rc1
cli==0.1.56
cli==0.1.57
cli==0.1.58
cli==0.1.59
cli==0.1.60
cli==0.1.61
cli==0.1.62
cli==0.1.63
cli==0.1.64
cli==0.1.65
cli==0.1.66
cli==0.1.67
cli==0.1.68
cli==0.1.69
cli==0.1.70
cli==0.1.71
cli==0.1.72
cli==0.1.73
cli==0.1.74
cli==0.1.75
cli==0.1.76
cli==0.1.77
cli==0.1.78
cli==0.1.79
cli==0.1.80
cli==0.1.81
cli==0.1.82
cli==0.1.83
cli==0.1.84
cli==0.1.89
cli==0.2.1
cli==0.2.10
cli==0.2.11
cli==0.2.12
cli==0.2.2
cli==0.2.3
cli==0.2.4
cli==0.2.5
cli==0.2.6
cli==0.2.7
cli==0.2.8
cli==0.2.9
cli==0.3.1
cli==0.3.2
cli==0.3.3
cli==0.3.4
cli==0.3.5
cli==0.3.6
cli==0.3.7
cli==0.3.8
cli==0.4.0
cli==0.4.1
cli==0.4.10
cli==0.4.11
cli==0.4.2
cli==0.4.3
cli==0.4.4
cli==0.4.6
cli==0.4.8
cli==0.4.9
langgraph-cli==0.*
langgraph-cli==0.1.39
prebuilt==0.*
prebuilt==0.1.0
prebuilt==0.1.1
prebuilt==0.1.2
prebuilt==0.1.3
prebuilt==0.1.4
prebuilt==0.1.5
prebuilt==0.1.6
prebuilt==0.1.7
prebuilt==0.1.8
prebuilt==0.2.0
prebuilt==0.2.1
prebuilt==0.2.2
prebuilt==0.5.0
prebuilt==0.5.0rc0
prebuilt==0.5.1
prebuilt==0.5.2
prebuilt==0.6.0
prebuilt==0.6.0a1
prebuilt==0.6.1
prebuilt==0.6.2
prebuilt==0.6.3
prebuilt==0.6.4
prebuilt==0.7.0rc1
prebuilt==1.*
prebuilt==1.0.0
prebuilt==1.0.1
prebuilt==1.0.2
prebuilt==1.0.3
prebuilt==1.0.4
prebuilt==1.0.5
sdk==0.*
sdk==0.1.23
sdk==0.1.24
sdk==0.1.25
sdk==0.1.26
sdk==0.1.27
sdk==0.1.28
sdk==0.1.29
sdk==0.1.30
sdk==0.1.31
sdk==0.1.32
sdk==0.1.33
sdk==0.1.34
sdk==0.1.35
sdk==0.1.36
sdk==0.1.37
sdk==0.1.38
sdk==0.1.39
sdk==0.1.40
sdk==0.1.42
sdk==0.1.43
sdk==0.1.44
sdk==0.1.45
sdk==0.1.46
sdk==0.1.47
sdk==0.1.48
sdk==0.1.50
sdk==0.1.51
sdk==0.1.53
sdk==0.1.55
sdk==0.1.56
sdk==0.1.57
sdk==0.1.58
sdk==0.1.59
sdk==0.1.60
sdk==0.1.61
sdk==0.1.62
sdk==0.1.63
sdk==0.1.64
sdk==0.1.65
sdk==0.1.66
sdk==0.1.69
sdk==0.1.70
sdk==0.1.71
sdk==0.1.72
sdk==0.1.73
sdk==0.1.74
sdk==0.2.0
sdk==0.2.0a1
sdk==0.2.1
sdk==0.2.10
sdk==0.2.12
sdk==0.2.14
sdk==0.2.15
sdk==0.2.2
sdk==0.2.3
sdk==0.2.4
sdk==0.2.5
sdk==0.2.6
sdk==0.2.7
sdk==0.2.8
sdk==0.2.9
sdk==0.3.0
sdk==0.3.1
sdk==0.3.2
v0.*
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27794.json"