Vulnerability Description
LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from `BaseCache` and opt nodes into caching via `CachePolicy`. Prior to `langgraph-checkpoint` 4.0.0, `BaseCache` defaults to `JsonPlusSerializer(pickle_fallback=True)`. When msgpack serialization fails, cached values can be deserialized via `pickle.loads(...)`. Caching is not enabled by default. Applications are affected only when the application explicitly enables a cache backend (for example by passing `cache=...` to `StateGraph.compile(...)` or otherwise configuring a `BaseCache` implementation), one or more nodes opt into caching via `CachePolicy`, and the attacker can write to the cache backend (for example a network-accessible Redis instance with weak/no auth, shared cache infrastructure reachable by other tenants/services, or a writable SQLite cache file). An attacker must be able to write attacker-controlled bytes into the cache backend such that the LangGraph process later reads and deserializes them. This typically requires write access to a networked cache (for example a network-accessible Redis instance with weak/no auth or shared cache infrastructure reachable by other tenants/services) or write access to local cache storage (for example a writable SQLite cache file via permissive file permissions or a shared writable volume). Because exploitation requires write access to the cache storage layer, this is a post-compromise / post-access escalation vector. LangGraph Checkpoint 4.0.0 patches the issue.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/langchain-ai/langgraph/commit/f91d79d0c86932ded6e3b9f195d5a0b
- https://github.com/langchain-ai/langgraph/pull/6677
- https://github.com/langchain-ai/langgraph/releases/tag/checkpoint%3D%3D4.0.0
- https://github.com/langchain-ai/langgraph/security/advisories/GHSA-mhr3-j7m5-c7c
FAQ
What is CVE-2026-27794?
CVE-2026-27794 is a vulnerability with a CVSS score of 6.6 (MEDIUM). LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable ...
How severe is CVE-2026-27794?
CVE-2026-27794 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-27794?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.