Redis
CVE-2026-27794
MEDIUM
Severity by source
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Blast Radius
ecosystem impact- 1 pypi packages depend on langgraph-checkpoint (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 4.0.0.
DescriptionGitHub Advisory
LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to langgraph-checkpoint 4.0.0, BaseCache defaults to JsonPlusSerializer(pickle_fallback=True). When msgpack serialization fails, cached values can be deserialized via pickle.loads(...). Caching is not enabled by default. Applications are affected only when the application explicitly enables a cache backend (for example by passing cache=... to StateGraph.compile(...) or otherwise configuring a BaseCache implementation), one or more nodes opt into caching via CachePolicy, and the attacker can write to the cache backend (for example a network-accessible Redis instance with weak/no auth, shared cache infrastructure reachable by other tenants/services, or a writable SQLite cache file). An attacker must be able to write attacker-controlled bytes into the cache backend such that the LangGraph process later reads and deserializes them. This typically requires write access to a networked cache (for example a network-accessible Redis instance with weak/no auth or shared cache infrastructure reachable by other tenants/services) or write access to local cache storage (for example a writable SQLite cache file via permissive file permissions or a shared writable volume). Because exploitation requires write access to the cache storage layer, this is a post-compromise / post-access escalation vector. LangGraph Checkpoint 4.0.0 patches the issue.
AnalysisAI
Remote code execution in LangGraph's caching layer affects applications that explicitly enable cache backends inheriting from BaseCache with nodes opted into caching via CachePolicy. An attacker can exploit unsafe deserialization through pickle when msgpack serialization fails, allowing arbitrary code execution on affected systems. This vulnerability requires explicit cache configuration and does not affect default deployments.
Technical ContextAI
This vulnerability (CWE-502: Deserialization of Untrusted Data) affects LangGraph Checkpoint defines the base interface for LangGraph checkpointers.. LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to langgraph-checkpoint 4.0.0, BaseCache defaults to JsonPlusSerializer(pickle_fallback=True). When msgpack serialization fails, cached values can be deserialized via pickle.loads(...). Caching i
Affected ProductsAI
Product: LangGraph Checkpoint defines the base interface for LangGraph checkpointers.. Versions: up to 4.0.0.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild i
UAF in Redis 8.2.1 via crafted Lua scripts by authenticated users. EPSS 12.4%. Patch available.
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10,
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. Rated cr
Code injection in OneUptime monitoring via custom JS monitor using vm module. PoC and patch available.
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerab
An issue was found in Apache Airflow versions 1.10.10 and below. Rated critical severity (CVSS 9.8), this vulnerability
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4
goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.v
Same weakness CWE-502 – Deserialization of Untrusted Data
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-mhr3-j7m5-c7c9