{"id":"PYSEC-2026-83","details":"LangGraph SQLite Checkpoint is an implementation of the LangGraph CheckpointSaver that uses a SQLite database (both sync and async, via aiosqlite). In versions 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store (for example, after a database compromise or other privileged write access to the persistence layer), they can potentially supply a crafted payload that triggers unsafe object reconstruction when the checkpoint is loaded. No known patch is public; note, however, that the affected range in this record lists 1.0.10rc1 as the fixed version, so confirm patch status against the referenced advisory.","aliases":["CVE-2026-28277","GHSA-g48c-2wqr-h844"],"modified":"2026-05-20T09:19:04.761672Z","published":"2026-03-05T20:16:15.677Z","references":[{"type":"ADVISORY","url":"https://github.com/langchain-ai/langgraph/security/advisories/GHSA-g48c-2wqr-h844"}],"affected":[{"package":{"name":"langgraph","ecosystem":"PyPI","purl":"pkg:pypi/langgraph"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.10rc1"}]}],"versions":["0.0.10","0.0.11","0.0.12","0.0.13","0.0.14","0.0.15","0.0.16","0.0.17","0.0.18","0.0.19","0.0.20","0.0.21","0.0.22","0.0.23","0.0.24","0.0.25","0.0.26","0.0.27","0.0.28","0.0.29","0.0.30","0.0.31","0.0.32","0.0.33","0.0.34","0.0.35","0.0.36","0.0.37","0.0.38","0.0.39","0.0.40","0.0.41","0.0.42","0.0.43","0.0.44","0.0.45","0.0.46","0.0.47","0.0.48","0.0.49","0.0.50","0.0.51","0.0.52","0.0.53","0.0.54","0.0.55","0.0.56","0.0.57","0.0.58","0.0.59","0.0.60","0.0.61","0.0.62","0.0.63","0.0.64","0.0.65","0.0.66","0.0.67","0.0.68","0.0.69","0.0.8","0.0.9","0.1.1","0.1.10","0.1.11","0.1.12","0.1.13","0.1.14","0.1.15","0.1.16","0.1.17","0.1.18","0.1.19","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.2.0","0.2.1","0.2.10","0.2.11","0.2.12","0.2.13","0.2.14","0.2.15","0.2.16","0.2.17","0.2.18","0.2.19","0.2.2","0.2.20","0.2.21","0.2.22","0.2.23","0.2.24","0.2.25","0.2.26","0.2.27","0.2.28","0.2.29","0.2.3","
0.2.30","0.2.31","0.2.32","0.2.33","0.2.34","0.2.35","0.2.36","0.2.37","0.2.38","0.2.39","0.2.4","0.2.40","0.2.41","0.2.42","0.2.43","0.2.44","0.2.45","0.2.46","0.2.47","0.2.48","0.2.49","0.2.5","0.2.50","0.2.51","0.2.52","0.2.53","0.2.54","0.2.55","0.2.56","0.2.57","0.2.58","0.2.59","0.2.5a0","0.2.6","0.2.60","0.2.61","0.2.62","0.2.63","0.2.64","0.2.65","0.2.66","0.2.67","0.2.68","0.2.69","0.2.7","0.2.70","0.2.71","0.2.72","0.2.73","0.2.74","0.2.75","0.2.76","0.2.7a0","0.2.8","0.2.9","0.3.0","0.3.1","0.3.10","0.3.11","0.3.12","0.3.13","0.3.14","0.3.15","0.3.16","0.3.17","0.3.18","0.3.19","0.3.2","0.3.20","0.3.21","0.3.22","0.3.23","0.3.24","0.3.25","0.3.26","0.3.27","0.3.28","0.3.29","0.3.3","0.3.30","0.3.31","0.3.32","0.3.33","0.3.34","0.3.4","0.3.5","0.3.6","0.3.7","0.3.8","0.3.9","0.4.0","0.4.1","0.4.10","0.4.2","0.4.3","0.4.4","0.4.5","0.4.6","0.4.7","0.4.8","0.4.9","0.5.0","0.5.0rc0","0.5.0rc1","0.5.1","0.5.2","0.5.3","0.5.4","0.6.0","0.6.0a1","0.6.0a2","0.6.1","0.6.10","0.6.11","0.6.2","0.6.3","0.6.4","0.6.5","0.6.6","0.6.7","0.6.8","0.6.9","1.0.0","1.0.0a1","1.0.0a2","1.0.0a3","1.0.0a4","1.0.0rc1","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/langgraph/PYSEC-2026-83.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}