{"data":{"id":"59446259-e262-48c6-a95d-ed66daa7ba64","title":"GHSA-5mx2-w598-339m: RediSearch Query Injection in @langchain/langgraph-checkpoint-redis","summary":"A query injection vulnerability exists in the `@langchain/langgraph-checkpoint-redis` package: user-provided filter values are not properly escaped when constructing queries for RediSearch (a search system built on Redis). Attackers can inject RediSearch syntax characters (like the OR operator `|`) into filter values to bypass thread isolation controls and access checkpoint data from other users or threads that they are not authorized to see.","solution":"The 1.0.2 patch introduces an `escapeRediSearchTagValue()` function that properly escapes all RediSearch special characters (- . < > { } [ ] \" ' : ; ! @ # $ % ^ & * ( ) + = ~ | \\ ? /) by prefixing them with backslashes, and applies this escaping to all filter keys used in query construction.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-5mx2-w598-339m","publishedAt":"2026-02-18T22:40:09.000Z","cveId":"CVE-2026-27022","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["rag_poisoning"],"issueType":"vulnerability","affectedPackages":["@langchain/langgraph-checkpoint-redis@< 1.0.2 (fixed: 1.0.2)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["LangChain","@langchain/langgraph-checkpoint-redis"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00035,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}