Forensic Summary
Check Point Research disclosed three vulnerabilities in LangGraph's persistence layer, two of which chain together to achieve remote code execution: a SQL injection flaw in the SQLite checkpointer (CVE-2025-67644) and an unsafe msgpack deserialization bug (CVE-2026-28277). A third parallel injection vulnerability (CVE-2026-27022) affects the Redis checkpointer. With over 50 million monthly downloads, self-hosted LangGraph deployments exposing user-controlled state history filters are directly at risk.
Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/langgraph-checkpointer-vulnerabilities-chain-sqli-to-full-rce/