CVE-2026-28277 MEDIUM

CVE-2026-28277: LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading

Vendor Langchain-Ai
Product langgraph
Weakness CWE-502 · Unsafe deserialization
Published March 5, 2026
Last update March 6, 2026

CVSS base score

6.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

LangGraph SQLite Checkpoint is an implementation of the LangGraph CheckpointSaver that uses a SQLite database (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store (for example, after a database compromise or other privileged write access to the persistence layer), they can potentially supply a crafted payload that triggers unsafe object reconstruction when the checkpoint is loaded. No known patch is public.

Key dates

Disclosure timeline

March 5, 2026 CVE published
March 6, 2026 Record updated