{"data":{"id":"b3e62ff6-d878-45ef-beec-dbf63feb2d96","title":"CVE-2026-14742: A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function _freeze of th","summary":"A vulnerability (CVE-2026-14742) was found in langchain-ai langgraph up to version 1.2.4, where the _freeze function in the Task Result Cache (a system that stores computed task results to avoid recalculating them) uses a weak hash when processing the default_cache_key argument. This could potentially be exploited remotely, though the attack requires significant technical skill and is considered difficult to execute.","solution":"N/A -- no mitigation discussed in source. The text mentions that a pull request to fix the issue awaits acceptance, but no patched version number or workaround is specified.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-14742","publishedAt":"2026-07-05T11:16:27.390Z","cveId":"CVE-2026-14742","cweIds":["CWE-327","CWE-328"],"cvssScore":"3.1","cvssSeverity":"low","severity":"low","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LangChain","langgraph"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"network","attackComplexity":"high","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-05T11:16:27.390Z","capecIds":["CAPEC-20"],"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}