PatchSiren cyber security CVE debrief
CVE-2026-48776 langchain-ai CVE debrief
The LangGraph Python SDK, used to connect to LangGraph API servers and manage assistants, threads, and stream runs, has a vulnerability in versions 0.3.14 and prior. The issue arises from unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request paths for resource operations. This could lead to unintended access, modification, or deletion of resources beyond the calling user's authorization scope, particularly in deployments where end-user-supplied values are directly forwarded into SDK identifier parameters without validation. The vulnerability has been fixed in version 0.3.15.
- Vendor: langchain-ai
- Product: Unknown
- CVSS: MEDIUM 4.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-17
- Original CVE updated: 2026-06-17
- Advisory published: 2026-06-17
- Advisory updated: 2026-06-17
Who should care
Organizations using LangGraph Python SDK versions 0.3.14 and prior, especially those that forward end-user-supplied values directly into SDK identifier parameters without validation, should be aware of this vulnerability. This issue is particularly relevant for deployments relying on URL-prefix-based authorization at an upstream layer.
Technical summary
The LangGraph Python SDK constructs HTTP request paths using caller-supplied identifier values without proper sanitization. This allows identifiers with special URL path characters to potentially redirect requests to different resources than intended. The vulnerability is exacerbated in scenarios where the SDK receives identifier values from untrusted sources and where authorization decisions are made based on the SDK call's intended path rather than the final delivered request path. The issue is addressed in version 0.3.15 of the SDK.
Defensive priority
MEDIUM
Recommended defensive actions
- Update LangGraph Python SDK to version 0.3.15 or later
- Validate identifier values against an expected format (such as a UUID) before passing them to the SDK
- Implement additional authorization checks at the application level to ensure access control
- Review and update URL-prefix-based authorization configurations at upstream layers
- Monitor for and restrict suspicious traffic patterns that could exploit this vulnerability
- Consider using a Web Application Firewall (WAF) to detect and prevent attacks
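The following is an added example, not code from the LangGraph SDK or from this debrief. It illustrates the second recommended action above (validate identifier values against an expected UUID format before handing them to the SDK) and the technical summary's point that the path actually sent can differ from the path the caller intended. The function and path names (`unsafe_resource_path`, `safe_resource_path`, `stays_under_prefix`, the `/threads/` prefix) are assumptions chosen for illustration; they are not the SDK's API.

```python
import posixpath
import re
import uuid
from urllib.parse import quote, urlsplit

# Canonical RFC 4122 textual form: 8-4-4-4-12 hex digits.
UUID_RE = re.compile(
    r"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"
)


def unsafe_resource_path(resource: str, identifier: str) -> str:
    """Hypothetical 'before' behaviour: the identifier is interpolated verbatim,
    so any path-significant characters it contains become part of the URL."""
    return f"/{resource}/{identifier}"


def validate_identifier(identifier: str) -> str:
    """Accept only a well-formed UUID and return it in canonical lowercase form.
    Anything else (slashes, dots, query characters, empty strings) is rejected
    before it can reach an SDK identifier parameter."""
    if not isinstance(identifier, str) or not UUID_RE.match(identifier):
        raise ValueError(f"identifier is not a UUID: {identifier!r}")
    return str(uuid.UUID(identifier))


def safe_resource_path(resource: str, identifier: str) -> str:
    """Hardened form: validate first, then percent-encode defensively (a UUID
    never needs encoding, so this only matters if the format check is relaxed)."""
    validated = validate_identifier(identifier)
    return f"/{resource}/{quote(validated, safe='')}"


def stays_under_prefix(path: str, prefix: str) -> bool:
    """Application-level check for the authorization concern in the summary:
    does the path that would actually be sent still resolve under the prefix
    the caller's authorization was granted for? Query and fragment are dropped
    and dot segments are normalised before comparing."""
    clean = posixpath.normpath(urlsplit(path).path)
    base = prefix.rstrip("/")
    return clean == base or clean.startswith(base + "/")


def screen_identifiers(candidates: list[str]) -> dict[str, str]:
    """Classify a batch of caller-supplied identifiers as 'ok' or 'rejected'."""
    results = {}
    for candidate in candidates:
        try:
            validate_identifier(candidate)
            results[candidate] = "ok"
        except ValueError:
            results[candidate] = "rejected"
    return results


if __name__ == "__main__":
    # Constructed sample inputs: one valid UUID, one uppercase UUID, and two
    # values with path-significant characters that validation must reject.
    samples = [
        "123e4567-e89b-12d3-a456-426614174000",
        "123E4567-E89B-12D3-A456-426614174000",
        "some-id/other",
        "some-id?x=1",
    ]
    for ident, verdict in screen_identifiers(samples).items():
        print(f"{ident!r}: {verdict}")
    # The unvalidated path for a rejected value would not stay under /threads/.
    print(stays_under_prefix(unsafe_resource_path("threads", "../assistants/x"), "/threads/"))
```

`validate_identifier` should sit at the trust boundary where end-user values enter the application, which is the deployment pattern the advisory singles out; `stays_under_prefix` is a belt-and-braces check for systems whose upstream authorization is keyed on URL prefixes.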
Evidence notes
The information provided is based on the CVE record and details from the LangGraph Python SDK security advisory. The vulnerability's impact and recommended actions are derived from the CVSS score and vector, as well as the nature of the vulnerability itself.
Official resources
CVE-2026-48776 was published on 2026-06-17T10:55:15.113Z and modified on 2026-06-17T16:30:36.937Z.