CNNVD-202512-2029 Information

CNNVD ID

CNNVD-202512-2029

CVE-2025-67644

  • CNNVD Published: 2025-12-11

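Description (Chinese, translated)

langgraph is an open-source large-model framework from LangChain. langgraph 3.0.0 and earlier versions contain a SQL injection vulnerability, which stems from unvalidated metadata filter keys and may lead to SQL injection attacks.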

Description (English)

langgraph is an open-source large-model framework from LangChain. langgraph 3.0.0 and earlier versions contain a SQL injection vulnerability, which stems from unvalidated metadata filter keys and may lead to SQL injection attacks.

Hazard Level

Medium

Vulnerability Type

SQL injection

Affected Vendor

LangChain

Published

2025-12-11

Last Modified

2026-02-24

References

  • https://github.com/langchain-ai/langgraph/security/advisories/GHSA-9rwj-6rc7-p77c
  • https://github.com/langchain-ai/langgraph/commit/297242913f8ad2143ee3e2f72e67db0911d48e2a
  • https://cxsecurity.com/issue/WLB-2026020023

Patch

https://docs.langchain.com/oss/python/langgraph/overview
