CVE-2026-14742
langchain-ai langgraph Task Result Cache _cache.py _freeze weak hash
CVSS Score
3.1
EPSS Score
0.2%
EPSS Percentile
6th
A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function _freeze of the file libs/langgraph/langgraph/_internal/_cache.py of the component Task Result Cache. This manipulation of the argument default_cache_key causes use of weak hash. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
| CWE | CWE-328 CWE-327 |
| Vendor | langchain-ai |
| Product | langgraph |
| Published | Jul 5, 2026 |
| Last Updated | Jul 6, 2026 |
Stay Ahead of the Next One
Get instant alerts for langchain-ai langgraph
Be the first to know when new low vulnerabilities affecting langchain-ai langgraph are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
langchain-ai / langgraph
1.2.0 1.2.1 1.2.2 1.2.3 1.2.4
References
vuldb.com: https://vuldb.com/vuln/376328 vuldb.com: https://vuldb.com/vuln/376328/cti vuldb.com: https://vuldb.com/cve/CVE-2026-14742 vuldb.com: https://vuldb.com/submit/849217 github.com: https://github.com/langchain-ai/langgraph/issues/8009 github.com: https://github.com/langchain-ai/langgraph/pull/8069 github.com: https://github.com/langchain-ai/langgraph/
Credits
๐ Dem0 (VulDB User) VulDB CNA Team