{"data":{"id":"aa45a4b8-79ee-4dd6-888e-469b8d036c45","title":"LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks","summary":"Security researchers discovered three vulnerabilities in LangChain and LangGraph, widely used open-source frameworks for building AI applications, that could expose sensitive files, environment secrets (like API keys), and conversation histories if exploited. The flaws include a path traversal vulnerability (allows access to files without permission), a deserialization vulnerability (tricks the app into exposing secrets), and an SQL injection vulnerability (lets attackers manipulate database queries). These vulnerabilities affect packages with millions of weekly downloads across enterprise systems.","solution":"The vulnerabilities have been patched in the following versions: CVE-2026-34070 in langchain-core >=1.2.22; CVE-2025-68664 in langchain-core 0.3.81 and 1.2.5; and CVE-2025-67644 in langgraph-checkpoint-sqlite 3.0.1. Users should apply these patches as soon as possible for optimal protection.","labels":["security"],"sourceUrl":"https://thehackernews.com/2026/03/langchain-langgraph-flaws-expose-files.html","publishedAt":"2026-03-27T08:07:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","data_extraction","supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["LangChain","LlamaIndex"],"affectedVendorsRaw":["LangChain","LangGraph","Cyera","Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-03-27T08:07:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}