Medium severity6.8NVD Advisory· Published Mar 5, 2026· Updated Apr 21, 2026
CVE-2026-28277
CVE-2026-28277
Description
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store (for example, after a database compromise or other privileged write access to the persistence layer), they can potentially supply a crafted payload that triggers unsafe object reconstruction when the checkpoint is loaded. No known patch is public.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
langgraphPyPI | < 1.0.10 | 1.0.10 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-g48c-2wqr-h844ghsaADVISORY
- github.com/langchain-ai/langgraph/security/advisories/GHSA-g48c-2wqr-h844nvdVendor AdvisoryMitigationWEB
- nvd.nist.gov/vuln/detail/CVE-2026-28277ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/langgraph/PYSEC-2026-83.yamlghsaWEB
News mentions
3- Critical Vulnerability Chain in LangGraph Allows Attackers to Gain Full Server ControlCyber Security News · Jun 12, 2026
- LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code ExecutionThe Hacker News · Jun 12, 2026
- From SQLi to RCE – Exploiting LangGraph’s CheckpointerCheck Point Research · Jun 11, 2026