CVE-2026-28277

Source: https://cve.org/CVERecord?id=CVE-2026-28277
Import Source: https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-28277.json
JSON Data: https://api.osv.dev/v1/vulns/CVE-2026-28277
Aliases: (none listed)
Published: 2026-03-05T19:10:36.865Z
Modified: 2026-05-20T08:11:03.099877890Z
Severity:
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading
Details

LangGraph SQLite Checkpoint is an implementation of the LangGraph CheckpointSaver that uses a SQLite database (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store (for example, after a database compromise or other privileged write access to the persistence layer), they can potentially supply a crafted payload that triggers unsafe object reconstruction when the checkpoint is loaded. No known patch is public.

Database specific
{
    "cwe_ids": [
        "CWE-502"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/28xxx/CVE-2026-28277.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/langchain-ai/langgraph

Affected ranges

Type: GIT
Repo: https://github.com/langchain-ai/langgraph
Events:
  Introduced: 0 (unknown introducing commit; all previous commits are affected)
  Last affected: (see the database-specific versions)
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.9"
        }
    ]
}

Affected versions

0.*
0.1.10
0.1.11
0.1.12
0.1.13
0.1.14
0.1.15
0.1.16
0.1.17
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.2.0
0.2.1
0.2.10
0.2.11
0.2.12
0.2.13
0.2.15
0.2.16
0.2.17
0.2.18
0.2.19
0.2.2
0.2.20
0.2.21
0.2.22
0.2.23
0.2.24
0.2.25
0.2.26
0.2.27
0.2.28
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.9
checkpoint==1.*
checkpoint==1.0.0
checkpoint==1.0.1
checkpoint==1.0.10
checkpoint==1.0.11
checkpoint==1.0.12
checkpoint==1.0.2
checkpoint==1.0.3
checkpoint==1.0.4
checkpoint==1.0.7
checkpoint==1.0.8
checkpoint==1.0.9
checkpointpostgres==1.*
checkpointpostgres==1.0.0
checkpointpostgres==1.0.1
checkpointpostgres==1.0.2
checkpointpostgres==1.0.3
checkpointpostgres==1.0.4
checkpointpostgres==1.0.5
checkpointpostgres==1.0.6
checkpointpostgres==1.0.7
checkpointpostgres==1.0.8
checkpointpostgres==1.0.9
checkpointsqlite==1.*
checkpointsqlite==1.0.0
checkpointsqlite==1.0.1
checkpointsqlite==1.0.2
checkpointsqlite==1.0.3
checkpointsqlite==1.0.4
cli==0.*
cli==0.1.40
cli==0.1.41
cli==0.1.42
cli==0.1.44
cli==0.1.45
cli==0.1.45a0
cli==0.1.45a1
cli==0.1.46
cli==0.1.47
cli==0.1.48
cli==0.1.49
cli==0.1.50
cli==0.1.51
cli==0.1.52
langgraph-cli==0.*
langgraph-cli==0.1.39
sdk==0.*
sdk==0.1.23
sdk==0.1.24
sdk==0.1.25
sdk==0.1.26
sdk==0.1.27
sdk==0.1.28
sdk==0.1.29
sdk==0.1.30
sdk==0.1.31
v0.*
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.8

Database specific
source: "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-28277.json"