PatchSiren cyber security CVE debrief
CVE-2026-48775 langchain-ai CVE debrief
CVE-2026-48775 is a defense-in-depth issue in the JsonPlusSerializer of LangGraph SQLite Checkpoint. In versions 4.1.0 and prior, the JsonPlusSerializer reconstructs Python objects from JSON checkpoint payloads rather than treating them as plain data. If an attacker can modify checkpoint bytes at rest in the backing store, the deserialization path may reconstruct objects beyond what the application expects, which can result in code execution when the checkpoint is loaded. The issue is fixed in version 4.1.1.
- Vendor
- langchain-ai
- Product
- langgraph
- CVSS
- MEDIUM 6.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Users of LangGraph SQLite Checkpoint 4.1.0 and prior whose checkpoint backing store can be written by parties other than the application itself (shared hosts, world-writable or synced database files, storage reachable by a lower-trust service). Deployments where only the application can write the store are not exposed, but should still upgrade.
Technical summary
The JsonPlusSerializer in LangGraph SQLite Checkpoint reconstructs Python objects from JSON checkpoint payloads. Because the payload drives which objects are reconstructed, an attacker who can modify checkpoint bytes at rest controls that reconstruction, which can lead to code execution at checkpoint load time. The serializer does not itself distinguish bytes it wrote from bytes that were edited in the store afterwards.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to version 4.1.1 or later; this is the primary fix and removes the reliance on store integrity
- Restrict write access to the checkpoint backing store to the application identity (file permissions on the SQLite database file, no shared or world-writable locations), and treat any store that other parties could write as untrusted input
- As a compensating control until the upgrade lands, authenticate checkpoint bytes (for example with an HMAC keyed from a secret held outside the store) and refuse to deserialize blobs whose tag does not verify
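The following is an added example, not LangGraph's own code, showing the compensating control described above: checkpoint bytes are tagged with an HMAC before they are written and verified before any deserializer sees them, so bytes modified at rest are rejected instead of reconstructed. The inner serializer is a plain JSON stand-in for the real one, the class and function names (AuthenticatedSerializer, TamperedCheckpoint, demo) are illustrative, and the key is assumed to live outside the checkpoint store. The tag is also bound to the store key (the thread identifier here) so a validly tagged blob cannot be moved between threads.

```python
# Added example (not LangGraph's own code): authenticate checkpoint bytes with an
# HMAC before any deserializer runs on them, so that bytes modified at rest in
# the backing store are rejected rather than reconstructed into objects.
#
# Assumptions made for this illustration:
#   - the inner serializer is any pair of dumps(obj) -> bytes / loads(bytes) -> obj
#     callables; a plain JSON serializer stands in for the real one here;
#   - the HMAC key is held outside the checkpoint store (environment variable,
#     secrets manager), so write access to the store alone cannot forge a tag.
import hashlib
import hmac
import json
from typing import Any, Callable

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes appended to every stored blob


class TamperedCheckpoint(Exception):
    """Raised when a stored blob fails authentication; nothing is deserialized."""


class AuthenticatedSerializer:
    def __init__(
        self,
        key: bytes,
        inner_dumps: Callable[[Any], bytes],
        inner_loads: Callable[[bytes], Any],
    ) -> None:
        if len(key) < 32:
            raise ValueError("use a key of at least 32 random bytes")
        self._key = key
        self._inner_dumps = inner_dumps
        self._inner_loads = inner_loads

    def _tag(self, context: bytes, payload: bytes) -> bytes:
        # Length-prefix the context so (context, payload) pairs cannot be re-split.
        msg = len(context).to_bytes(4, "big") + context + payload
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def dumps(self, obj: Any, context: bytes) -> bytes:
        payload = self._inner_dumps(obj)
        return payload + self._tag(context, payload)

    def loads(self, blob: bytes, context: bytes) -> Any:
        if len(blob) < TAG_LEN:
            raise TamperedCheckpoint("blob too short to carry a tag")
        payload, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        # Constant-time comparison, done BEFORE the inner deserializer sees any byte.
        if not hmac.compare_digest(tag, self._tag(context, payload)):
            raise TamperedCheckpoint("checkpoint bytes do not verify for this context")
        return self._inner_loads(payload)


def json_dumps(obj: Any) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def json_loads(data: bytes) -> Any:
    return json.loads(data.decode("utf-8"))


def demo(key: bytes) -> dict:
    """Round-trip a constructed checkpoint, then simulate two at-rest attacks on the
    stored bytes: editing the payload, and moving the blob to another thread."""
    ser = AuthenticatedSerializer(key, json_dumps, json_loads)
    # Constructed sample checkpoint; the shape is illustrative only.
    checkpoint = {"v": 1, "channel_values": {"messages": ["hi"]}, "step": 3}
    store: dict = {}  # stands in for the SQLite backing store
    store["thread-1"] = ser.dumps(checkpoint, b"thread-1")
    restored = ser.loads(store["thread-1"], b"thread-1")

    # Attack 1: rewrite the JSON payload in place, keeping the old tag.
    edited = json_dumps({"v": 1, "channel_values": {"injected": True}, "step": 3})
    store["thread-1"] = edited + store["thread-1"][-TAG_LEN:]
    try:
        ser.loads(store["thread-1"], b"thread-1")
        edit_rejected = False
    except TamperedCheckpoint:
        edit_rejected = True

    # Attack 2: copy a genuine blob into a different thread's row.
    genuine = ser.dumps(checkpoint, b"thread-1")
    try:
        ser.loads(genuine, b"thread-2")
        swap_rejected = False
    except TamperedCheckpoint:
        swap_rejected = True

    return {
        "roundtrip_ok": restored == checkpoint,
        "edit_rejected": edit_rejected,
        "swap_rejected": swap_rejected,
    }


if __name__ == "__main__":
    import secrets
    print(demo(secrets.token_bytes(32)))
```

This is a compensating control, not a replacement for upgrading: an attacker who can read the key as well as write the store can still forge tags, and a validly tagged older blob can be rolled back into place unless the loader also checks a monotonic step or version counter against what it expects.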
Evidence notes
This issue is a defense-in-depth concern. The affected behavior is reachable only when checkpoint bytes at rest in the backing store can be modified by an unauthorized party.
Official resources
- CVE-2026-48775 CVE record (CVE.org)
- CVE-2026-48775 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-48775 was published on 2026-06-16T19:16:58.880Z and modified on 2026-06-16T20:46:19.370Z.