GHSA-98xf-r82g-9mhx: LangGraph has NoSQL parameter injection in MongoDBSaver, allowing cross-tenant state access
Summary
LangGraph's MongoDBSaver had a NoSQL injection vulnerability (an attack in which database query operators are smuggled into a query) that allowed attackers to read checkpoint data (saved conversation state) belonging to other users or tenants by injecting MongoDB operators such as $gt into identifier fields. This was possible because the code did not enforce that these fields must be strings before using them in database queries.
Solution / Mitigation
Upgrade to @langchain/langgraph-checkpoint-mongodb@1.3.1 or later. Version 1.3.1 adds runtime validation for configurable checkpoint identifiers and rejects invalid values before they reach MongoDB query paths. The patch also includes regression tests covering object and operator payloads. As additional protection, validate identifier fields at API boundaries and avoid passing raw client objects into graph config.
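The following is an added illustration of the mitigation described above, not code from LangGraph or the checkpoint package: it contrasts a filter builder that forwards configurable identifiers as-is with one that enforces the string type first, plus a small operator check suitable for API-boundary validation or request logging. The field names match LangGraph's checkpoint config (thread_id, checkpoint_ns, checkpoint_id); the function names are assumptions.

```javascript
// Added example (not LangGraph's own code): enforce that configurable
// checkpoint identifiers are strings before they reach a MongoDB filter.
// Field names follow LangGraph's checkpoint config; helper names are ours.

const IDENTIFIER_FIELDS = ["thread_id", "checkpoint_ns", "checkpoint_id"];

// Returns the value if it is a plain string, otherwise throws a TypeError.
function assertIdentifier(name, value) {
  if (typeof value !== "string") {
    const got = value === null ? "null" : typeof value;
    throw new TypeError(`${name} must be a string, got ${got}`);
  }
  return value;
}

// Unsafe pattern (the pre-1.3.1 behaviour the advisory describes): values
// from the client are copied straight into the filter. An object value such as
// { "$gt": "" } is interpreted by MongoDB as an operator, not as an identifier,
// so the filter no longer pins the query to one thread or tenant.
function buildFilterUnsafe(configurable) {
  const filter = {};
  for (const f of IDENTIFIER_FIELDS) {
    if (configurable[f] !== undefined) filter[f] = configurable[f];
  }
  return filter;
}

// Hardened pattern: every identifier is type-checked first, so non-string
// payloads are rejected before any query is issued. Note that "" is a valid
// string (checkpoint_ns is commonly empty) and is accepted.
function buildFilterSafe(configurable) {
  const filter = {};
  for (const f of IDENTIFIER_FIELDS) {
    if (configurable[f] !== undefined) {
      filter[f] = assertIdentifier(f, configurable[f]);
    }
  }
  return filter;
}

// Detection helper for API boundaries: true if a value is an object carrying
// MongoDB operator keys ("$..."), at any nesting depth. Useful for logging or
// alerting on rejected requests.
function containsOperator(value) {
  if (value === null || typeof value !== "object") return false;
  return Object.keys(value).some(
    (k) => k.startsWith("$") || containsOperator(value[k]),
  );
}
```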
Vulnerability Details
EPSS: 0.0%
June 12, 2026
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-98xf-r82g-9mhx
First tracked: June 12, 2026 at 02:00 PM