Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable but requires authenticated low-privilege access (PR:L) and high-complexity hash collision (AC:H); impact is limited to low confidentiality with no integrity or availability dimensions.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function _freeze of the file libs/langgraph/langgraph/_internal/_cache.py of the component Task Result Cache. This manipulation of the argument default_cache_key causes use of weak hash. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
AnalysisAI
Weak hashing in LangGraph's Task Result Cache exposes low-privilege authenticated users to hash collision attacks that can leak cached task results across isolation boundaries. All LangGraph versions through 1.2.4 are affected via the _freeze function in libs/langgraph/langgraph/_internal/_cache.py. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid low-privilege authenticated session on the target LangGraph deployment running version 1.2.4 or earlier (CVSS PR:L confirmed). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is low despite the existence of a public proof-of-concept. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A low-privilege authenticated user on a shared LangGraph deployment crafts task inputs specifically engineered to produce a `default_cache_key` that collides with a hash value corresponding to another user's cached task result. When the cache lookup resolves the collision, the attacker receives output data from the other task, potentially exposing sensitive intermediate reasoning, tool outputs, or agent memory. … |
| Remediation | No vendor-released patched version has been confirmed at time of analysis - the fix exists as a pending pull request at https://github.com/langchain-ai/langgraph/pull/8069 awaiting merge. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-328 – Use of Weak Hash
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41747
GHSA-rff8-98wf-8rv4