{"data":{"id":"770cb231-cea6-47f3-a439-e4d66214e192","title":"GHSA-mhr3-j7m5-c7c9: LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution ","summary":"LangGraph versions before 4.0.0 have a remote code execution vulnerability in their caching layer when applications enable cache backends and opt nodes into caching. The vulnerability occurs because the default serializer uses pickle deserialization (a Python feature that can execute arbitrary code) as a fallback when other serialization methods fail, allowing attackers who can write to the cache to execute malicious code.","solution":"Upgrade to langgraph-checkpoint>=4.0.0, which disables pickle fallback by default (pickle_fallback=False).","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-mhr3-j7m5-c7c9","publishedAt":"2026-02-25T22:59:12.000Z","cveId":"CVE-2026-27794","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":["langgraph-checkpoint@< 4.0.0 (fixed: 4.0.0)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["LangGraph","LangChain"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00322,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}