LangChain, LangGraph Flaws Expose Recordsdata, Secrets and techniques, Databases in Broadly Used AI Frameworks

Ravie LakshmananMar 27, 2026Vulnerability / Synthetic Intelligence

Cybersecurity researchers have disclosed three safety vulnerabilities impacting LangChain and LangGraph that, if efficiently exploited, may expose filesystem information, setting secrets and techniques, and dialog historical past.

Each LangChain and LangGraph are open-source frameworks which might be used to construct purposes powered by Massive Language Fashions (LLMs). LangGraph is constructed on the foundations of LangChain for extra refined and non-linear agentic workflows. In response to statistics on the Python Bundle Index (PyPI), LangChain, LangChain-Core, and LangGraph have been downloaded greater than 52 million, 23 million, and 9 million occasions final week alone.

“Every vulnerability exposes a unique class of enterprise information: filesystem information, setting secrets and techniques, and dialog historical past,” Cyera safety researcher Vladimir Tokarev stated in a report revealed Thursday.

The problems, in a nutshell, supply three unbiased paths that an attacker can leverage to empty delicate information from any enterprise LangChain deployment. Particulars of the vulnerabilities are as follows –

• CVE-2026-34070 (CVSS rating: 7.5) – A path traversal vulnerability in LangChain (“langchain_core/prompts/loading.py”) that permits entry to arbitrary information with none validation by way of its prompt-loading API by supplying a specifically crafted immediate template.
• CVE-2025-68664 (CVSS rating: 9.3) – A deserialization of untrusted information vulnerability in LangChain that leaks API keys and setting secrets and techniques by passing as enter an information construction that methods the appliance into decoding it as an already serialized LangChain object fairly than common person information.
• CVE-2025-67644 (CVSS rating: 7.3) – An SQL injection vulnerability in LangGraph SQLite checkpoint implementation that permits an attacker to govern SQL queries by metadata filter keys and run arbitrary SQL queries in opposition to the database.

Profitable exploitation of the aforementioned flaws may permit an attacker to learn delicate information like Docker configurations, siphon delicate secrets and techniques by way of immediate injection, and entry dialog histories related to delicate workflows. It is price noting that particulars of CVE-2025-68664 had been additionally shared by Cyata in December 2025, giving it the cryptonym LangGrinch.

The vulnerabilities have been patched within the following variations –

• CVE-2026-34070 – langchain-core >=1.2.22
• CVE-2025-68664 – langchain-core 0.3.81 and 1.2.5
• CVE-2025-67644 – langgraph-checkpoint-sqlite 3.0.1

The findings as soon as once more underscore how synthetic intelligence (AI) plumbing is just not proof against basic safety vulnerabilities, doubtlessly placing complete programs in danger.

The event comes days after a important safety flaw impacting Langflow (CVE-2026-33017, CVSS rating: 9.3) has come beneath energetic exploitation inside 20 hours of public disclosure, enabling attackers to exfiltrate delicate information from developer environments.

Naveen Sunkavally, chief architect at Horizon3.ai, stated the vulnerability shares the identical root trigger as CVE-2025-3248, and stems from unauthenticated endpoints executing arbitrary code. With risk actors shifting shortly to take advantage of newly disclosed flaws, it is important that customers apply the patches as quickly as attainable for optimum safety.

“LangChain does not exist in isolation. It sits on the heart of an enormous dependency internet that stretches throughout the AI stack. A whole bunch of libraries wrap LangChain, prolong it, or rely on it,” Cyera stated. “When a vulnerability exists in LangChain’s core, it doesn’t simply have an effect on direct customers. It ripples outward by each downstream library, each wrapper, each integration that inherits the weak code path.”