CVE-2026-14742: A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function _freeze of th
Summary
A vulnerability (CVE-2026-14742) was found in langchain-ai langgraph up to version 1.2.4, where the _freeze function in the Task Result Cache (a system that stores computed task results to avoid recalculating them) uses a weak hash when processing the default_cache_key argument. This could potentially be exploited remotely, though the attack requires significant technical skill and is considered difficult to execute.
Vulnerability Details
3.1(low)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
network
high
low
none
July 5, 2026
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-14742
First tracked: July 5, 2026 at 08:07 AM
Classified by LLM (prompt v3) · confidence: 85%