CNNVD-202511-764 Information

CNNVD ID

CNNVD-202511-764

CVE-2025-64439

  • CNNVD Published: 2025-11-07

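Description (translated from Chinese)

langgraph is an open-source large-model framework from LangChain. langgraph versions 2.1.2 and below contain a code issue vulnerability, which stems from a remote code execution vulnerability in JsonPlusSerializer when it deserializes payloads saved in json mode.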

Description (English)

langgraph is an open-source framework for large models from LangChain. Versions 2.1.2 and earlier of langgraph have a code issue vulnerability: JsonPlusSerializer is open to remote code execution when deserializing payloads that were saved in json mode.

Hazard Level

Medium

Vulnerability Type

Code issue

Affected Vendor

LangChain

Published

2025-11-07

Last Modified

2026-02-24

References

  • https://github.com/langchain-ai/langgraph/releases/tag/checkpoint%3D%3D3.0.0
  • https://github.com/langchain-ai/langgraph/blob/c5744f583b11745cd406f3059903e17bbcdcc8ac/libs/checkpoint/langgraph/checkpoint/serde/jsonplus.py
  • https://github.com/langchain-ai/langgraph/security/advisories/GHSA-wwqv-p2pp-99h5
  • https://github.com/langchain-ai/langgraph/commit/c5744f583b11745cd406f3059903e17bbcdcc8ac
  • https://access.redhat.com/security/cve/cve-2025-64439

Patch

https://github.com/langchain-ai/langgraph/releases
