Cybersecurity researchers have disclosed three security vulnerabilities in LangChain and LangGraph that could expose filesystem data, environment secrets, and conversation history if exploited.
The flaws include CVE-2026-34070, a path traversal in LangChain that can grant access to arbitrary files via a crafted prompt template; CVE-2025-68664, a deserialization of untrusted data in LangChain that can leak API keys and secrets by misinterpreting input data as a serialized LangChain object; and CVE-2025-67644, an SQL injection in the LangGraph SQLite checkpoint that allows arbitrary SQL execution through metadata filter keys.
The researchers warn that successful exploitation could enable reading sensitive files, extracting secrets, and accessing conversation histories from enterprise deployments, with Cyera noting the cross-library ripple effects when core components are vulnerable. Patches have been released: langchain-core 1.2.22 or newer for the first CVE, langchain-core 0.3.81 and 1.2.5 for the second, and langgraph-checkpoint-sqlite 3.0.1 for the third. The findings underscore how AI plumbing remains susceptible to classic security flaws.
According to Cyera, the broader AI ecosystem's dependency web means a vulnerability in one component can affect downstream libraries and integrations that rely on the affected code paths.