Nixpkgs security tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: python312Packages.langgraph-checkpoint

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-27794
6.6 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 3 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 3 months, 3 weeks ago
  • @LeSuisse ignored
    9 packages
    • python312Packages.langgraph-checkpoint-sqlite
    • python313Packages.langgraph-checkpoint-sqlite
    • python314Packages.langgraph-checkpoint-sqlite
    • python312Packages.langgraph-checkpoint-mongodb
    • python313Packages.langgraph-checkpoint-mongodb
    • python314Packages.langgraph-checkpoint-mongodb
    • python312Packages.langgraph-checkpoint-postgres
    • python313Packages.langgraph-checkpoint-postgres
    • python314Packages.langgraph-checkpoint-postgres
    3 months, 3 weeks ago
  • @LeSuisse accepted 3 months, 3 weeks ago
  • @LeSuisse published on GitHub 3 months, 3 weeks ago
LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution

LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from `BaseCache` and opt nodes into caching via `CachePolicy`. Prior to `langgraph-checkpoint` 4.0.0, `BaseCache` defaults to `JsonPlusSerializer(pickle_fallback=True)`. When msgpack serialization fails, cached values can be deserialized via `pickle.loads(...)`. Caching is not enabled by default. Applications are affected only when the application explicitly enables a cache backend (for example by passing `cache=...` to `StateGraph.compile(...)` or otherwise configuring a `BaseCache` implementation), one or more nodes opt into caching via `CachePolicy`, and the attacker can write to the cache backend (for example a network-accessible Redis instance with weak/no auth, shared cache infrastructure reachable by other tenants/services, or a writable SQLite cache file). An attacker must be able to write attacker-controlled bytes into the cache backend such that the LangGraph process later reads and deserializes them. This typically requires write access to a networked cache (for example a network-accessible Redis instance with weak/no auth or shared cache infrastructure reachable by other tenants/services) or write access to local cache storage (for example a writable SQLite cache file via permissive file permissions or a shared writable volume). Because exploitation requires write access to the cache storage layer, this is a post-compromise / post-access escalation vector. LangGraph Checkpoint 4.0.0 patches the issue.

Affected products

langgraph-checkpoint
  • ==< 4.0.0

Matching in nixpkgs

Ignored packages (9)

Package maintainers

Upstream advisory: https://github.com/langchain-ai/langgraph/security/advisories/GHSA-mhr3-j7m5-c7c9