GHSA-mhr3-j7m5-c7c9: LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution
Summary
LangGraph versions before 4.0.0 have a remote code execution vulnerability in their caching layer when applications enable cache backends and opt nodes into caching. The vulnerability occurs because the default serializer uses pickle deserialization (a Python feature that can execute arbitrary code) as a fallback when other serialization methods fail, allowing attackers who can write to the cache to execute malicious code.
Solution / Mitigation
Upgrade to langgraph-checkpoint>=4.0.0, which disables pickle fallback by default (pickle_fallback=False).
Vulnerability Details
EPSS: 0.3%
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-mhr3-j7m5-c7c9
First tracked: February 25, 2026 at 11:00 PM
Classified by LLM (prompt v3) · confidence: 95%