GHSA-w39p-vh2g-g8g5: LangGraph SDK has unsafe URL path construction
Summary
The langgraph-sdk (a Python library for making HTTP requests to LangGraph services) had a vulnerability where it directly inserted user-supplied identifier values into URLs without encoding them. This meant special characters in identifiers could change which resource was accessed, potentially allowing users to access, modify, or delete resources they shouldn't have permission to change, especially in systems that check permissions based on the URL path. The vulnerability only affects applications that pass unvalidated user input directly to SDK methods.
Solution / Mitigation
The SDK now applies path-segment encoding to identifier values before they are interpolated into request URL templates. After this change, identifier values that contain characters with special meaning in URL paths are transmitted as encoded byte sequences and routed to the resource the SDK method's call site indicates. Additionally, the advisory recommends two things: validate identifier values (typically as UUIDs) at the boundary where untrusted input enters the application, before passing them to SDK methods; and, for deployments that rely on URL-prefix-based authorization, prefer authorization at the LangGraph server layer or on parsed-and-validated request paths rather than on raw URL prefixes.
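To make the fixed pattern and the recommended checks concrete, the following Python illustration is added here; it is not langgraph-sdk code, and the URL template, function names and identifier values are assumptions. It contrasts raw interpolation with path-segment encoding, and raw-prefix authorization with authorization on parsed, validated segments, using a server-side normalization step to show why the two checks differ.

```python
"""Path-segment encoding and boundary validation for identifiers placed into
URL templates. Added illustration, not langgraph-sdk code."""
import posixpath
import uuid
from urllib.parse import quote

# Hypothetical REST-style template; not the SDK's real template.
THREAD_RUN_TEMPLATE = "/threads/{thread_id}/runs/{run_id}"


def build_path_unencoded(template: str, **ids: str) -> str:
    """The pattern the advisory describes: identifiers interpolated verbatim."""
    return template.format(**ids)


def build_path_encoded(template: str, **ids: str) -> str:
    """Fixed pattern: percent-encode each identifier as one path segment.

    safe="" makes quote() encode "/" as well, so an identifier can never add
    or remove path segments, whatever characters it contains."""
    return template.format(**{k: quote(str(v), safe="") for k, v in ids.items()})


def is_uuid(value: str) -> bool:
    """Boundary check: accept only a canonical hyphenated UUID string.

    uuid.UUID() also accepts braces, urn:uuid: prefixes and un-hyphenated
    forms, so the round-trip comparison pins the input to one spelling."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False


def server_resolved_path(path: str) -> str:
    """What a server that normalizes "." and ".." segments would route on."""
    return posixpath.normpath(path)


def prefix_authorized(path: str, allowed_thread: str) -> bool:
    """The weak check the advisory warns about: raw URL-prefix matching."""
    return path.startswith(f"/threads/{allowed_thread}/")


def segments_authorized(path: str, allowed_thread: str) -> bool:
    """Authorization on parsed-and-validated segments.

    Requires the exact path shape, requires every identifier segment to be a
    UUID, and requires the thread segment to equal the caller's thread."""
    parts = path.split("/")
    # Expected shape: ["", "threads", <thread_id>, "runs", <run_id>]
    if len(parts) != 5 or parts[1] != "threads" or parts[3] != "runs":
        return False
    thread_id, run_id = parts[2], parts[4]
    return is_uuid(thread_id) and is_uuid(run_id) and thread_id == allowed_thread


# Constructed sample identifiers (not real resources).
OWN_THREAD = "1b4e28ba-2fa1-11d2-883f-0016d3cca427"
OTHER_THREAD = "6ba7b810-9dad-11d1-80b4-00c04fd430c8"
RUN_ID = "f47ac10b-58cc-4372-a567-0e02b2c3d479"


def compare(untrusted_thread_id: str) -> dict:
    """Build both path forms for one untrusted identifier and evaluate them."""
    raw = build_path_unencoded(
        THREAD_RUN_TEMPLATE, thread_id=untrusted_thread_id, run_id=RUN_ID
    )
    enc = build_path_encoded(
        THREAD_RUN_TEMPLATE, thread_id=untrusted_thread_id, run_id=RUN_ID
    )
    return {
        "boundary_check_passes": is_uuid(untrusted_thread_id),
        "raw_path": raw,
        "raw_prefix_ok": prefix_authorized(raw, OWN_THREAD),
        "raw_resolved": server_resolved_path(raw),
        "encoded_path": enc,
        "encoded_prefix_ok": prefix_authorized(enc, OWN_THREAD),
        "encoded_segments_ok": segments_authorized(enc, OWN_THREAD),
    }


if __name__ == "__main__":
    for candidate in (OWN_THREAD, f"{OWN_THREAD}/../{OTHER_THREAD}"):
        for key, value in compare(candidate).items():
            print(f"{key:>22}: {value}")
        print()
```

Run as a script, the first candidate passes every check and resolves to the caller's own thread. For the second candidate, the unencoded path still satisfies the raw-prefix check, yet after normalization it points at a different thread; the encoded path keeps the identifier inside one segment and is rejected by both the UUID boundary check and the segment-based authorization, which is the layered outcome the advisory recommends.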
Vulnerability Details
EPSS: 0.2%
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-w39p-vh2g-g8g5
First tracked: June 25, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%