GHSA-5mx2-w598-339m: RediSearch Query Injection in @langchain/langgraph-checkpoint-redis
Summary
A query injection vulnerability exists in the `@langchain/langgraph-checkpoint-redis` package, where user-provided filter values are not properly escaped when constructing RediSearch queries (a search system built on Redis). Attackers can inject RediSearch syntax characters (like the OR operator `|`) into filter values to bypass thread isolation controls and access checkpoint data from other users or threads they shouldn't be able to see.
Solution / Mitigation
The 1.0.2 patch introduces an `escapeRediSearchTagValue()` function that properly escapes all RediSearch special characters (- . < > { } [ ] " ' : ; ! @ # $ % ^ & * ( ) + = ~ | \ ? /) by prefixing them with backslashes, and applies this escaping to all filter keys used in query construction.
Vulnerability Details
EPSS: 0.0%
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://github.com/advisories/GHSA-5mx2-w598-339m
First tracked: February 18, 2026 at 07:00 PM
Classified by LLM (prompt v3) · confidence: 92%