CVE-2026-48775

Published: Giu 16, 2026 Last Modified: Giu 16, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,8
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 4.1.0 and prior, the JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. Under conditions where someone could modify checkpoint bytes at rest in the backing store, the deserialization path could reconstruct objects beyond what the application expects, which could in turn result in code execution at checkpoint load time. This is a defense-in-depth issue. The affected behavior is reachable only when checkpoint bytes at rest in the backing store can be modified by an unauthorized party. In most deployments that prerequisite already implies a serious incident; the additional concern is turning 'checkpoint-store write access' into code execution in the application runtime. This issue has been fixed in version 4.1.1.

502

Deserialization of Untrusted Data

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability Other
Potential Impacts:
Modify Application Data Unexpected State Dos: Resource Consumption (Cpu) Varies By Context
Applicable Platforms
Languages: Java, Ruby, PHP, Python, JavaScript
Technologies: Not Technology-Specific, ICS/OT, AI/ML
Likelihood of Exploit: Medium
View CWE Details
913

Improper Control of Dynamically-Managed Code Resources

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Other
Potential Impacts:
Execute Unauthorized Code Or Commands Varies By Context Alter Execution Logic
Applicable Platforms
Languages: Not Language-Specific, Interpreted
View CWE Details
https://github.com/langchain-ai/langgraph/security/advisori…
https://github.com/langchain-ai/langgraph/security/advisories/GHSA-fjqc-hq36-qh…