{"id":2975,"date":"2026-03-27T10:10:00","date_gmt":"2026-03-27T17:10:00","guid":{"rendered":"http:\/\/www.wiki-living.com\/index.php\/2026\/03\/27\/each-vulnerability-exposes-a-different-class-of-business-data-langchain-framework-hit-by-several-troubling-security-issues-heres-what-we-know\/"},"modified":"2026-03-28T08:03:10","modified_gmt":"2026-03-28T15:03:10","slug":"each-vulnerability-exposes-a-different-class-of-business-data-langchain-framework-hit-by-several-troubling-security-issues-heres-what-we-know","status":"publish","type":"post","link":"https:\/\/www.wiki-living.com\/index.php\/2026\/03\/27\/each-vulnerability-exposes-a-different-class-of-business-data-langchain-framework-hit-by-several-troubling-security-issues-heres-what-we-know\/","title":{"rendered":"&#8216;Each vulnerability exposes a different class of business data&#8217;: LangChain framework hit by several troubling security issues &#8211; here&#8217;s what we know"},"content":{"rendered":"<p><br \/>\n<\/p>\n<div id=\"article-body\">\n<hr id=\"elk-54425299-9868-4e7b-bdf0-4b832cd766a2\"\/>\n<ul id=\"elk-37371436-2def-4ae7-9aa8-8a83bddecc16\">\n<li><strong>LangChain and LangGraph combine three highly robust vulnerabilities to reveal files, secrets, and chat histories<\/strong><\/li>\n<li><strong>Vulnerabilities include method leaks, deserialization leaks, and SQL injection in SQLite checkpoints<\/strong><\/li>\n<li><strong>Researchers warn of dangers to libraries downstream; developers are urged to check the settings and treat the LLM results as a trusted input<\/strong><\/li>\n<\/ul>\n<hr id=\"elk-8dbe621e-e72e-43e2-b795-586a376ec8a9\"\/>\n<p id=\"elk-89c0b648-03f6-49c6-8191-1d03c5b8b6df\">LangChain and LangGraph, two popular open source frameworks for building AI applications, contain high sensitivity and critical vulnerabilities that allow malicious actors to extract sensitive data from compromised systems.<\/p>\n<p>LangChain helps developers build applications using large-scale linguistic models (LLM), by connecting AI models to various data sources and tools. It is a popular tool among developers who want to build chatbots and assistants. LangGraph, on the other hand, is built on top of LangChain and is designed to help create AI agents that follow structured workflows, step by step. It uses graphs to control how tasks flow between steps, and devs use them for complex, multi-step processes.<\/p>\n<aside data-block-type=\"embed\" data-render-type=\"fte\" data-skip=\"dealsy\" data-widget-type=\"seasonal\" class=\"hawk-root\"\/>\n<p id=\"elk-89c0b648-03f6-49c6-8191-1d03c5b8b6df-2\">Citing statistics from the Python Package Index (PyPI), <em>Hacker News<\/em> states that the projects have a combined download of more than 60 million per week, suggesting that they are very popular in the software development community.<\/p>\n<p><span class=\"article-continues-below block py-2 text-sm\">The article continues below <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\" class=\"inline-block w-2.5 h-2.5 ml-2\" fill=\"currentColor\" preserveaspectratio=\"xMidYMid meet\" viewbox=\"0 0 1000 1000\"><path d=\"M1000 100L500 900 0 100h1000z\"\/><\/svg><\/span><\/p>\n<aside data-component-name=\"Recirculation:ArticleRiver\" data-recirculation-type=\"inline\" data-mrf-recirculation=\"Trending Bar\" data-nosnippet=\"\" class=\"clear-both pb-0 pt-2 mb-4\">\n        <span class=\"&#10;            flex&#10;            after:content-[''] after:flex-1 after:ml-4 after:my-[0.7rem] after:border-t after:border-solid after:border-t-[#ccc]&#10;            before:content-[''] before:flex-1 before:mr-4 before:my-[0.7rem] before:border-t before:border-solid before:border-t-[#ccc]&#10;            font-article-heading pb-0 !text-base uppercase sm:text-sm font-bold&#10;        \"><\/p>\n<p>            You might like it<br \/>\n        <\/span><\/p>\n<\/aside>\n<h2 id=\"vulnerabilities-and-patches-3\">Vulnerabilities and patches<\/h2>\n<p id=\"elk-5c28a411-fdb4-4a55-ac70-48e3056654bf\">Overall, the projects addressed three risks:<\/p>\n<p><strong>CVE-2026-34070<\/strong> (severity score 7.5\/10 &#8211; high) &#8211; Routing bug in LangChain that allows random file access without authentication<\/p>\n<p><strong>CVE-2025-68664<\/strong> (severity rating 9.3\/10 &#8211; serious ) &#8211; Untrustworthy data removal bug in LangChain that leaks API keys and environment secrets<\/p>\n<p><strong>CVE-2025-67644<\/strong> (severity score 7.3\/10 &#8211; high ) &#8211; SQL injection vulnerability in the implementation of the LangGraph SQLite test environment that allows SQL query manipulation<\/p>\n<div id=\"slice-container-newsletterForm-articleInbodyContent-kuKQ5ZpmZDxqNCfHPgN4zY\" class=\"slice-container newsletter-inbodyContent-slice newsletterForm-articleInbodyContent-kuKQ5ZpmZDxqNCfHPgN4zY slice-container-newsletterForm\">\n<div data-hydrate=\"true\" class=\"newsletter-form__wrapper newsletter-form__wrapper--inbodyContent\">\n<div class=\"newsletter-form__container\">\n<section class=\"newsletter-form__top-bar\"\/>\n<section class=\"newsletter-form__main-section\">\n<p class=\"newsletter-form__strapline\">Sign up for the TechRadar Pro newsletter to get all the top news, ideas, features and guidance your business needs to succeed!<\/p>\n<\/section>\n<\/div>\n<\/div>\n<\/div>\n<p>&#8220;Each vulnerability exposes a different class of business information: system files, environment secrets, and conversation history,&#8221; said security researcher Vladimir Tokarev of Cyera in a report detailing the flaws.<\/p>\n<p><em>Hacker News<\/em> notes exploiting any of the three flaws allows malicious actors to read sensitive files such as Docker configurations, extract secrets via rapid injection, and even access chat histories associated with sensitive workflows.<\/p>\n<p>All bugs have been fixed so if you use any of these tools, make sure you upgrade to the latest version to protect your projects.<\/p>\n<aside data-component-name=\"Recirculation:ArticleRiver\" data-recirculation-type=\"inline\" data-mrf-recirculation=\"Trending Bar\" data-nosnippet=\"\" class=\"clear-both pb-0 pt-2 mb-4\">\n        <span class=\"&#10;            flex&#10;            after:content-[''] after:flex-1 after:ml-4 after:my-[0.7rem] after:border-t after:border-solid after:border-t-[#ccc]&#10;            before:content-[''] before:flex-1 before:mr-4 before:my-[0.7rem] before:border-t before:border-solid before:border-t-[#ccc]&#10;            font-article-heading pb-0 !text-base uppercase sm:text-sm font-bold&#10;        \"><\/p>\n<p>            What you can read next<br \/>\n        <\/span><\/p>\n<\/aside>\n<p><strong>CVE-2026-34070<\/strong> can be fixed by bringing langchain-core to at least version 1.2.22<\/p>\n<p><strong>CVE-2025-68664<\/strong> can be fixed by bringing langchain-core to versions n0.3.81 and 1.2.5<\/p>\n<p><strong>CVE-2025-67644<\/strong> can be fixed by bringing langgraph-checkpoint-sqlite to version 3.0.1<\/p>\n<h2 id=\"foundational-plumbing-3\">Basic plumbing<\/h2>\n<figure class=\"van-image-figure inline-layout\" data-bordeaux-image-check=\"\" id=\"elk-7c85f61c-8afc-4eaf-a3e8-e2e71a0f21c2\">\n<div class=\"image-full-width-wrapper\">\n<div class=\"image-widthsetter\" style=\"max-width:970px;\">\n<p class=\"vanilla-image-block\" style=\"padding-top:56.19%;\"> <picture data-new-v2-image=\"true\"><source type=\"image\/webp\" srcset=\"https:\/\/cdn.mos.cms.futurecdn.net\/CMiifeoaPiwDD5NBNkXnuE-970-80.jpg.webp 1200w, https:\/\/cdn.mos.cms.futurecdn.net\/CMiifeoaPiwDD5NBNkXnuE-970-80.jpg.webp 1024w, https:\/\/cdn.mos.cms.futurecdn.net\/CMiifeoaPiwDD5NBNkXnuE-970-80.jpg.webp 970w, https:\/\/cdn.mos.cms.futurecdn.net\/CMiifeoaPiwDD5NBNkXnuE-650-80.jpg.webp 650w, https:\/\/cdn.mos.cms.futurecdn.net\/CMiifeoaPiwDD5NBNkXnuE-480-80.jpg.webp 480w, https:\/\/cdn.mos.cms.futurecdn.net\/CMiifeoaPiwDD5NBNkXnuE-320-80.jpg.webp 320w\" sizes=\"(min-width: 1000px) 970px, calc(100vw - 40px)\"\/><\/picture><\/p>\n<\/div>\n<\/div><figcaption itemprop=\"caption description\" class=\" inline-layout\"><span class=\"caption-text\">What is the biggest threat to business AI data? <\/span><span class=\"credit\" itemprop=\"copyrightHolder\">(Image credit: Shutterstock \/ carlos castilla)<\/span><\/figcaption><\/figure>\n<p id=\"elk-e5dc398b-6e0f-41dd-9ade-3f73c9e647b3\">For Cyera, the findings show that the biggest threat to enterprise AI data may not be as complex as people think.<\/p>\n<p>&#8220;In essence, it hides the invisible, basic plumbing that connects your AI to your business. This layer is vulnerable to some of the oldest tricks in the hacker&#8217;s playbook,&#8221; they said.<\/p>\n<p>They also cautioned that LangChain &#8220;does not stand alone&#8221; but sits &#8220;at the center of a large interdependence that cuts across the AI \u200b\u200bstack.&#8221; By combining hundreds of libraries that wrap LangChain, extend it, or depend on it, it means that any risk to the project also means risk down the stream.<\/p>\n<p>The bugs &#8220;extrude into every library that drops, every wrapper, every integration that inherits the vulnerable code.&#8221;<\/p>\n<p>To truly protect your environment, stockpiling tools won&#8217;t be enough, they say. Any code that passes external or user-controlled configuration to load_prompt_from_config() or load_prompt() needs to be tested, and developers should not enable secrets_from_env=True when removing untrusted data. &#8220;The new default is False. Keep it that way,&#8221; they warned.<\/p>\n<p>They also urged the public to treat the LLM results as &#8220;credible input&#8221;, as different fields can be influenced by a quick injection. Finally, metadata filter keys must be validated before they are passed to checkpoint queries.<\/p>\n<p>&#8220;Never allow user-controlled strings to be dictionary keys in a sort function.&#8221;<\/p>\n<hr id=\"elk-29e03ae4-e5a9-4034-bada-b28b84b48186\"\/>\n<div id=\"slice-container-person-kuKQ5ZpmZDxqNCfHPgN4zY-JeI9Tu1LuLWanzmfoEhdjQQdNPCPAZFq\" class=\"slice-container person-wrapper person-kuKQ5ZpmZDxqNCfHPgN4zY-JeI9Tu1LuLWanzmfoEhdjQQdNPCPAZFq slice-container-person\">\n<div class=\"person person--separator\">\n<div class=\"person__avatar-block\">\n<figure class=\"image-wrapped__wrapper\" data-bordeaux-image-check=\"false\">\n<div class=\"image-wrapped__widthsetter\" style=\"max-width:none\">\n<div class=\"image-wrapped__aspect-padding\" style=\"padding-bottom:56.25%\">\n<div style=\"display:contents\"><picture data-hydrate=\"false\"><source class=\"person__avatar image-wrapped__image image__image\" type=\"image\/webp\" srcset=\"https:\/\/cdn.mos.cms.futurecdn.net\/HpHXmtXFPnuzaQ8m9xNW8j-140-80.png.webp 140w\" sizes=\"99vw\" data-normal=\"https:\/\/cdn.mos.cms.futurecdn.net\/HpHXmtXFPnuzaQ8m9xNW8j.png\" data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/HpHXmtXFPnuzaQ8m9xNW8j.png\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/HpHXmtXFPnuzaQ8m9xNW8j.png\" data-pin-nopin=\"true\" data-slice-image=\"true\"\/><source class=\"person__avatar image-wrapped__image image__image\" type=\"image\/png\" srcset=\"https:\/\/cdn.mos.cms.futurecdn.net\/HpHXmtXFPnuzaQ8m9xNW8j-140-80.png 140w\" sizes=\"99vw\" data-normal=\"https:\/\/cdn.mos.cms.futurecdn.net\/HpHXmtXFPnuzaQ8m9xNW8j.png\" data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/HpHXmtXFPnuzaQ8m9xNW8j.png\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/HpHXmtXFPnuzaQ8m9xNW8j.png\" data-pin-nopin=\"true\" data-slice-image=\"true\"\/><img decoding=\"async\" alt=\"Best antivirus software article\" srcset=\"https:\/\/cdn.mos.cms.futurecdn.net\/HpHXmtXFPnuzaQ8m9xNW8j-140-80.png 140w\" sizes=\"99vw\" class=\"person__avatar image-wrapped__image image__image\" loading=\"lazy\" data-normal=\"https:\/\/cdn.mos.cms.futurecdn.net\/HpHXmtXFPnuzaQ8m9xNW8j.png\" src=\"https:\/\/cdn.mos.cms.futurecdn.net\/HpHXmtXFPnuzaQ8m9xNW8j.png\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/HpHXmtXFPnuzaQ8m9xNW8j.png\" data-pin-nopin=\"true\" data-slice-image=\"true\"\/><\/picture><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<\/div>\n<div class=\"person__heading\">\n<p><span class=\"person__name\">The best antivirus for all budgets<\/span><\/p>\n<aside class=\"person__role\">Our top picks, based on real-world testing and comparison<\/aside>\n<\/div>\n<\/div>\n<\/div>\n<hr id=\"elk-27490ee1-7283-43f4-9bfa-2e4fb1e23304\"\/>\n<p id=\"elk-0183118c-7370-4319-8e3f-ae0dedba742c\"><em><strong>Follow TechRadar for Google news<\/strong><\/em>    again<em> <\/em><em><strong>add us as a favorite resource<\/strong><\/em><em>    to get our expert news, reviews, and opinions in your feed. Be sure to click the Follow button!<\/em><\/p>\n<p><em>And of course you can too <\/em><em><strong>follow TechRadar on TikTok<\/strong><\/em><em>    to get news, reviews, unboxings in video form, and get regular updates from us <\/em><em><strong>WhatsApp<\/strong><\/em><em>    again.<\/em><\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>LangChain and LangGraph combine three highly robust vulnerabilities to reveal files, secrets, and chat histories Vulnerabilities include method leaks, deserialization leaks, and SQL injection in SQLite checkpoints Researchers warn of dangers to libraries downstream; developers are urged to check the settings and treat the LLM results as a trusted input LangChain and LangGraph, two popular [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2976,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[],"class_list":{"0":"post-2975","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-smart-home-gadgets"},"_links":{"self":[{"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/posts\/2975","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/comments?post=2975"}],"version-history":[{"count":1,"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/posts\/2975\/revisions"}],"predecessor-version":[{"id":2977,"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/posts\/2975\/revisions\/2977"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/media\/2976"}],"wp:attachment":[{"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/media?parent=2975"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/categories?post=2975"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/tags?post=2975"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}