{"data":{"id":"93e04f56-e035-429d-95fe-59a44303c922","title":"LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution","summary":"LangGraph, an open-source framework for building AI agent applications, has three patched security flaws that could allow attackers to execute remote code (run commands on a server they don't own) on self-hosted systems. The most critical flaw is a SQL injection vulnerability (weakness that lets attackers manipulate database queries) in the SQLite checkpoint system that can be chained with an unsafe deserialization vulnerability (flaw in how the system reconstructs data from storage) to gain complete control of affected servers.","solution":"Update to the following patched versions: langgraph-checkpoint-sqlite version 3.0.1 or later (fixes CVE-2025-67644), langgraph version 1.0.10 or later (fixes CVE-2026-28277), and @langchain/langgraph-checkpoint-redis version 1.0.1 or later (fixes CVE-2026-27022). Additionally, the source recommends implementing authentication for self-hosted LangGraph servers, avoiding long-lived static secrets, enforcing network segmentation, treating AI agents as privileged identities, and applying the principle of least privilege (PoLP) to limit the agent's access to only what it needs.","labels":["security"],"sourceUrl":"https://thehackernews.com/2026/06/langgraph-flaw-chain-exposes-self.html","publishedAt":"2026-06-12T09:50:36.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LangGraph","LangChain","langgraph-checkpoint-sqlite","langgraph","@langchain/langgraph-checkpoint-redis","LangSmith"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-12T09:50:36.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}