PyPI: langgraph
CVE-2026-28277
Safety vulnerability ID: SFTY-20260305-16295
Safety legacy ID: pyup.io-88438
Affected versions of the langgraph package are vulnerable to Deserialization of Untrusted Data due to unsafe msgpack checkpoint deserialization that can reconstruct Python objects from attacker-controlled checkpoint bytes. LangGraph checkpointers load msgpack-encoded checkpoints from the persistence layer, and when checkpoint data is tampered with, the checkpoint loading process can deserialize crafted payloads that trigger unsafe object reconstruction during resume operations.
Overview
LangGraph checkpoint loading has unsafe msgpack deserialization
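The advisory above describes checkpoint bytes read back from the persistence layer being handed to a msgpack deserializer that can rebuild Python objects. As an added illustration (not LangGraph's own code and not its fix), the stand-alone Python below shows two defensive checks a checkpointer can run before decoding: an HMAC tag over the stored bytes so tampering in the persistence layer is detected, and a structural scan that refuses any msgpack ext type, the extension mechanism serializers use to reconstruct arbitrary objects. The key, the function names and the hand-encoded sample checkpoints are constructed assumptions.

```python
import hashlib
import hmac

CHECKPOINT_KEY = b"example-key-not-for-production"  # hypothetical secret; load it from a secret store in practice
def seal_checkpoint(payload: bytes, key: bytes = CHECKPOINT_KEY) -> bytes:
    # Writer side: append an HMAC-SHA256 tag so a checkpoint altered in the persistence layer fails verification.
    return payload + hmac.new(key, payload, hashlib.sha256).digest()
# msgpack first-byte markers: fixed-width scalars, length-prefixed bin/str, ext types, sized containers
_SCALAR = {0xc0: 0, 0xc2: 0, 0xc3: 0, 0xca: 4, 0xcb: 8, 0xcc: 1, 0xcd: 2, 0xce: 4, 0xcf: 8,
           0xd0: 1, 0xd1: 2, 0xd2: 4, 0xd3: 8}
_BIN_STR = {0xc4: 1, 0xc5: 2, 0xc6: 4, 0xd9: 1, 0xda: 2, 0xdb: 4}
_EXT = {0xc7, 0xc8, 0xc9, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8}  # the hook msgpack serializers use to rebuild objects
_CONTAINER = {0xdc: (2, 1), 0xdd: (4, 1), 0xde: (2, 2), 0xdf: (4, 2)}  # (length width, values per entry)

def _walk(buf: bytes, pos: int) -> int:
    # Skip one msgpack value at pos without decoding it; return the offset just after it.
    if pos >= len(buf):
        raise ValueError("truncated checkpoint")
    b, pos = buf[pos], pos + 1
    if b <= 0x7f or b >= 0xe0:  # positive / negative fixint
        return pos
    if b in _EXT:
        raise ValueError("ext type rejected")
    if 0xa0 <= b <= 0xbf:  # fixstr
        return pos + (b & 0x1f)
    if b in _SCALAR:
        return pos + _SCALAR[b]
    if b in _BIN_STR:
        return pos + _BIN_STR[b] + int.from_bytes(buf[pos:pos + _BIN_STR[b]], "big")
    if 0x80 <= b <= 0x9f:  # fixmap holds 2 values per entry, fixarray 1
        n = (b & 0x0f) * (2 if b <= 0x8f else 1)
    elif b in _CONTAINER:
        w, per = _CONTAINER[b]
        n, pos = int.from_bytes(buf[pos:pos + w], "big") * per, pos + w
    else:
        raise ValueError("reserved msgpack marker")
    for _ in range(n):
        pos = _walk(buf, pos)
    return pos
def inspect_checkpoint(blob: bytes, key: bytes = CHECKPOINT_KEY) -> str:
    # Reader side: "ok" only if the tag verifies and no ext marker appears; anything else is never deserialized.
    payload, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, payload, hashlib.sha256).digest()):
        return "integrity check failed"
    try:
        return "ok" if _walk(payload, 0) == len(payload) else "trailing bytes after checkpoint"
    except ValueError as err:
        return str(err)
GOOD_CHECKPOINT = b"\x82\xa2id\x01\xa5state\x93\x01\x02\x03"  # constructed: {"id": 1, "state": [1, 2, 3]}
EXT_CHECKPOINT = b"\x81\xa3obj\xd4\x01\x00"  # constructed: {"obj": ext(type 1, 0x00)}, an object-rebuild shape
```

Only a blob that returns "ok" should reach the real msgpack decoder; the scan is a pre-filter, not a replacement for upgrading to a fixed langgraph release.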
References
- https://getsafety.com/vulnerabilities/SFTY-20260305-16295/CVE-2026-28277
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28277
- https://github.com/advisories/GHSA-g48c-2wqr-h844
- https://github.com/langchain-ai/langgraph/security/advisories/GHSA-g48c-2wqr-h844
- https://nvd.nist.gov/vuln/detail/CVE-2026-28277
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
