{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27022", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-17T03:08:23.490Z", "datePublished": "2026-02-20T21:06:53.773Z", "dateUpdated": "2026-02-24T18:33:25.127Z"}, "containers": {"cna": {"title": "RediSearch Query Injection in @langchain/langgraph-checkpoint-redis", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/langchain-ai/langgraphjs/security/advisories/GHSA-5mx2-w598-339m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/langchain-ai/langgraphjs/security/advisories/GHSA-5mx2-w598-339m"}, {"name": "https://github.com/langchain-ai/langgraphjs/pull/1943", "tags": ["x_refsource_MISC"], "url": "https://github.com/langchain-ai/langgraphjs/pull/1943"}, {"name": "https://github.com/langchain-ai/langgraphjs/commit/814c76dc3938d0f6f7e17ca3bc11d6a12270b2a1", "tags": ["x_refsource_MISC"], "url": "https://github.com/langchain-ai/langgraphjs/commit/814c76dc3938d0f6f7e17ca3bc11d6a12270b2a1"}, {"name": "https://github.com/langchain-ai/langgraphjs/releases/tag/@langchain/langgraph-checkpoint-redis@1.0.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/langchain-ai/langgraphjs/releases/tag/@langchain/langgraph-checkpoint-redis@1.0.2"}], "affected": [{"vendor": "langchain-ai", "product": "langgraphjs", "versions": [{"version": "< 1.0.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-20T21:06:53.773Z"}, "descriptions": [{"lang": "en", "value": "@langchain/langgraph-checkpoint-redis is the Redis checkpoint and store implementation for LangGraph. A query injection vulnerability exists in the @langchain/langgraph-checkpoint-redis package's filter handling. The RedisSaver and ShallowRedisSaver classes construct RediSearch queries by directly interpolating user-provided filter keys and values without proper escaping. RediSearch has special syntax characters that can modify query behavior, and when user-controlled data contains these characters, the query logic can be manipulated to bypass intended access controls. This vulnerability is fixed in 1.0.2."}], "source": {"advisory": "GHSA-5mx2-w598-339m", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T18:33:08.517946Z", "id": "CVE-2026-27022", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T18:33:25.127Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27022", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-24T18:33:08.517946Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T18:33:16.867Z"}}], "cna": {"title": "RediSearch Query Injection in @langchain/langgraph-checkpoint-redis", "source": {"advisory": "GHSA-5mx2-w598-339m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "langchain-ai", "product": "langgraphjs", "versions": [{"status": "affected", "version": "< 1.0.2"}]}], "references": [{"url": "https://github.com/langchain-ai/langgraphjs/security/advisories/GHSA-5mx2-w598-339m", "name": "https://github.com/langchain-ai/langgraphjs/security/advisories/GHSA-5mx2-w598-339m", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/langchain-ai/langgraphjs/pull/1943", "name": "https://github.com/langchain-ai/langgraphjs/pull/1943", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/langchain-ai/langgraphjs/commit/814c76dc3938d0f6f7e17ca3bc11d6a12270b2a1", "name": "https://github.com/langchain-ai/langgraphjs/commit/814c76dc3938d0f6f7e17ca3bc11d6a12270b2a1", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/langchain-ai/langgraphjs/releases/tag/@langchain/langgraph-checkpoint-redis@1.0.2", "name": "https://github.com/langchain-ai/langgraphjs/releases/tag/@langchain/langgraph-checkpoint-redis@1.0.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "@langchain/langgraph-checkpoint-redis is the Redis checkpoint and store implementation for LangGraph. A query injection vulnerability exists in the @langchain/langgraph-checkpoint-redis package's filter handling. The RedisSaver and ShallowRedisSaver classes construct RediSearch queries by directly interpolating user-provided filter keys and values without proper escaping. RediSearch has special syntax characters that can modify query behavior, and when user-controlled data contains these characters, the query logic can be manipulated to bypass intended access controls. This vulnerability is fixed in 1.0.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-20T21:06:53.773Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27022", "state": "PUBLISHED", "dateUpdated": "2026-02-24T18:33:25.127Z", "dateReserved": "2026-02-17T03:08:23.490Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-20T21:06:53.773Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "@langchain/langgraph-checkpoint-redis is the Redis checkpoint and store implementation for LangGraph. A query injection vulnerability exists in the @langchain/langgraph-checkpoint-redis package's filter handling. The RedisSaver and ShallowRedisSaver classes construct RediSearch queries by directly interpolating user-provided filter keys and values without proper escaping. RediSearch has special syntax characters that can modify query behavior, and when user-controlled data contains these characters, the query logic can be manipulated to bypass intended access controls. This vulnerability is fixed in 1.0.2."}, {"lang": "es", "value": "@langchain/langgraph-checkpoint-redis es la implementaci\u00f3n de punto de control y almacenamiento de Redis para LangGraph. Existe una vulnerabilidad de inyecci\u00f3n de consultas en el manejo de filtros del paquete @langchain/langgraph-checkpoint-redis. Las clases RedisSaver y ShallowRedisSaver construyen consultas de RediSearch interpolando directamente claves y valores de filtro proporcionados por el usuario sin un escape adecuado. RediSearch tiene caracteres de sintaxis especiales que pueden modificar el comportamiento de las consultas, y cuando los datos controlados por el usuario contienen estos caracteres, la l\u00f3gica de la consulta puede ser manipulada para eludir los controles de acceso previstos. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 1.0.2."}], "id": "CVE-2026-27022", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-20T22:16:28.480", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/langchain-ai/langgraphjs/commit/814c76dc3938d0f6f7e17ca3bc11d6a12270b2a1"}, {"source": "security-advisories@github.com", "url": "https://github.com/langchain-ai/langgraphjs/pull/1943"}, {"source": "security-advisories@github.com", "url": "https://github.com/langchain-ai/langgraphjs/releases/tag/@langchain/langgraph-checkpoint-redis@1.0.2"}, {"source": "security-advisories@github.com", "url": "https://github.com/langchain-ai/langgraphjs/security/advisories/GHSA-5mx2-w598-339m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.0.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "langgraphjs", "vendor": "langchain-ai"}], "analysis": {"en": {"generated_at": "2026-04-17T17:10:19.681618+00:00", "value": {"mitigation_remediation": ["Upgrade the @langchain/langgraph-checkpoint-redis package to version 1.0.2 or later to apply the vendor patch that escapes filter inputs.", "Review and refactor any custom filter logic to validate and escape all user-supplied keys and values before constructing RediSearch queries, applying general injection prevention against CWE-74.", "If an immediate update is not possible, implement a temporary workaround by sanitizing all filter keys and values to escape RediSearch\u2019s special syntax characters before concatenation, reducing the risk until a patch is applied."], "summary": {"action": "Patch", "impact": "Query Injection can lead to unauthorized data access in Redis"}, "threat_synthesis": {"affected_systems": "LangGraph\u2019s Redis checkpoint implementation, specifically langchain-ai:langgraphjs\u2019s @langchain/langgraph-checkpoint-redis component, is affected. The vulnerability exists in all releases prior to 1.0.2; the fix was released in 1.0.2. Deployments that use the RedisSaver or ShallowRedisSaver classes with user\u2011controlled filters are at risk.", "description_and_impact": "An injection flaw in the @langchain/langgraph-checkpoint-redis package allows an attacker to manipulate RediSearch queries by supplying crafted filter keys and values. Because the package concatenates user input directly into queries without proper escaping, special characters can alter the query logic, potentially bypassing intended access controls. This flaw can lead to unauthorized read or modification of stored data, impacting confidentiality and integrity.", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity, while an EPSS score of less than 1% suggests a low current exploitation probability, and it is not marked as a known exploited vulnerability. Exploits would likely be performed by an attacker with legitimate or compromised application access who supplies a crafted filter payload; the unescaped input can alter RediSearch query evaluation and bypass intended access checks. Although no authentication bypass is required beyond the application context, the impact on data confidentiality and integrity is significant."}}}}, "created": "2026-02-23T14:35:07.469299+00:00", "updated": "2026-04-17T17:15:23.723431+00:00", "vendors": ["langchain-ai", "langchain-ai$PRODUCT$langgraphjs"]}