LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Security researchers disclosed three patched flaws in LangGraph, including a critical chain enabling remote code execution (RCE). The vulnerabilities include SQL injection (CVE-2025-67644), unsafe msgpack deserialization (CVE-2026-28277), and RediSearch query injection (CVE-2026-27022). Exploitation requires attacker-controlled filter input in self-hosted deployments using SQLite or Redis checkpoints, leading to RCE via the `get_state_history()` endpoint. The managed LangSmith platform is unaffected. Users are advised to apply fixes, enable authentication, enforce network segmentation, and follow least privilege principles.

https://thehackernews.com/2026/06/langgraph-flaw-chain-exposes-self.html