{"id":"CVE-2026-28277","summary":"LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading","details":"LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store (for example, after a database compromise or other privileged write access to the persistence layer), they can potentially supply a crafted payload that triggers unsafe object reconstruction when the checkpoint is loaded. No known patch is public.","aliases":["GHSA-g48c-2wqr-h844","PYSEC-2026-83"],"modified":"2026-05-20T08:11:03.099877890Z","published":"2026-03-05T19:10:36.865Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/28xxx/CVE-2026-28277.json","cwe_ids":["CWE-502"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/28xxx/CVE-2026-28277.json"},{"type":"ADVISORY","url":"https://github.com/langchain-ai/langgraph/security/advisories/GHSA-g48c-2wqr-h844"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28277"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/langchain-ai/langgraph","events":[{"introduced":"0"},{"last_affected":"ea0418334bff5dc2ea852282517c3e139353f5a7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.9"}]}}],"versions":["0.1.10","0.1.11","0.1.12","0.1.13","0.1.14","0.1.15","0.1.16","0.1.17","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.2.0","0.2.1","0.2.10","0.2.11","0.2.12","0.2.13","0.2.15","0.2.16","0.2.17","0.2.18","0.2.19","0.2.2","0.2.20","0.2.21","0.2.22","0.2.23","0.2.24","0.2.25","0.2.26","0.2.27","0.2.28","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.9","checkpoint==1.0.0","checkpoint==1.0.1","checkpoint==1.0.10","checkpoint==1.0.11","checkpoint==1.0.12","checkpoint==1.0.2","checkpoint==1.0.3","checkpoint==1.0.4","checkpoint==1.0.7","checkpoint==1.0.8","checkpoint==1.0.9","checkpointpostgres==1.0.0","checkpointpostgres==1.0.1","checkpointpostgres==1.0.2","checkpointpostgres==1.0.3","checkpointpostgres==1.0.4","checkpointpostgres==1.0.5","checkpointpostgres==1.0.6","checkpointpostgres==1.0.7","checkpointpostgres==1.0.8","checkpointpostgres==1.0.9","checkpointsqlite==1.0.0","checkpointsqlite==1.0.1","checkpointsqlite==1.0.2","checkpointsqlite==1.0.3","checkpointsqlite==1.0.4","cli==0.1.40","cli==0.1.41","cli==0.1.42","cli==0.1.44","cli==0.1.45","cli==0.1.45a0","cli==0.1.45a1","cli==0.1.46","cli==0.1.47","cli==0.1.48","cli==0.1.49","cli==0.1.50","cli==0.1.51","cli==0.1.52","langgraph-cli==0.1.39","sdk==0.1.23","sdk==0.1.24","sdk==0.1.25","sdk==0.1.26","sdk==0.1.27","sdk==0.1.28","sdk==0.1.29","sdk==0.1.30","sdk==0.1.31","v0.0.3","v0.0.4","v0.0.5","v0.0.6","v0.0.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-28277.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}