๐Ÿ” CVE Alert

CVE-2026-14742

LOW 3.1

langchain-ai langgraph Task Result Cache _cache.py _freeze weak hash

CVSS Score
3.1
EPSS Score
0.2%
EPSS Percentile
6th

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function _freeze of the file libs/langgraph/langgraph/_internal/_cache.py of the component Task Result Cache. This manipulation of the argument default_cache_key causes use of weak hash. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

CWE CWE-328 CWE-327
Vendor langchain-ai
Product langgraph
Published Jul 5, 2026
Last Updated Jul 6, 2026
Stay Ahead of the Next One

Get instant alerts for langchain-ai langgraph

Be the first to know when new low vulnerabilities affecting langchain-ai langgraph are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

langchain-ai / langgraph
1.2.0 1.2.1 1.2.2 1.2.3 1.2.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/376328 vuldb.com: https://vuldb.com/vuln/376328/cti vuldb.com: https://vuldb.com/cve/CVE-2026-14742 vuldb.com: https://vuldb.com/submit/849217 github.com: https://github.com/langchain-ai/langgraph/issues/8009 github.com: https://github.com/langchain-ai/langgraph/pull/8069 github.com: https://github.com/langchain-ai/langgraph/

Credits

๐Ÿ” Dem0 (VulDB User) VulDB CNA Team