Langgraphjs
Approved changes feed: RSS · Atom
cpe:2.3:a:langchain-ai:langgraphjs:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Langchain Ai (95fad776-1fab-55af-bd3a-6177850e04d4) |
|---|---|
| Product | Langgraphjs (fa699d9d-cd42-55d4-9036-a0b8fdffae71) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-27022 |
vulnerable | 2026-06-08 07:53:21.836584 |
RediSearch Query Injection in @langchain/langgraph-checkpoint-redis
MEDIUM (6.5)
@langchain/langgraph-checkpoint-redis is the Redis checkpoint and store implementation for LangGraph. A query injection vulnerability exists in the @langchain/langgraph-checkpoint-redis package's filter handling. The RedisSaver and ShallowRedisSaver classes construct RediSearch queries by directly interpolating user-provided filter keys and values without proper escaping. RediSearch has special syntax characters that can modify query behavior, and when user-controlled data contains these characters, the query logic can be manipulated to bypass intended access controls. This vulnerability is fixed in 1.0.2.
Published: 2026-02-20T21:06:53.773Z
Updated: 2026-02-24T18:33:25.127Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.