
Critical Security Breach: LangGraph and LangChain Vulnerabilities Exposed as 7,000 Servers Come Under Attack


7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

A run of recent disclosures in AI agent frameworks has put the weaknesses of these systems in sharp focus. An agent built to do one narrow job can end up handing an attacker every secret it was configured with: the OpenAI key, the database credentials, the CRM tokens. This is not a thought experiment; it has already been done through known bugs in widely used AI agent frameworks.

In recent months, three popular AI agent frameworks have been hit by the same familiar bug classes, with serious consequences. Check Point Research found a SQL injection vulnerability in LangGraph's SQLite checkpointer that leads to remote code execution. Tenable and VulnCheck found a path traversal vulnerability in Langflow's file upload endpoint that is being actively exploited for remote code execution. Cyera documented a path traversal vulnerability in LangChain-core's prompt loader that lets an attacker read sensitive files from disk.

In LangGraph, the chain starts with a SQL injection vulnerability (CVE-2025-67644) and ends in remote code execution (CVE-2026-28277). The injection lets an attacker insert a fabricated row into the checkpoint table, and that row is then turned into arbitrary code execution on the server. No exploitation in the wild has been reported, but the potential is high, and patches for the affected frameworks have been released.

Langflow, another widely deployed AI agent framework, carried a serious flaw (CVE-2026-5027) that let an attacker write files to the server with an unauthenticated request. Combined with Langflow's default configuration, this gave attackers unauthorized access with minimal effort. VulnCheck confirmed that the flaw is being exploited, which makes patching and hardening Langflow instances urgent.


LangChain-core, the foundation beneath both LangGraph and Langflow, disclosed a path traversal vulnerability (CVE-2026-34070) in its prompt-loading API that allows an attacker to read arbitrary files on the system. Together with a deserialization vulnerability (CVE-2025-68664), this poses a significant risk to anything built on LangChain-core. Fixing these issues means updating to the latest versions of the frameworks and adding security controls so the same classes of bug cannot be exploited again.
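The two path traversal flaws above, the upload endpoint that writes files and the prompt loader that reads them, share one root cause: a user-controlled name is joined onto a directory without checking where the result lands. What follows is an added example, not code from LangChain, Langflow or the advisories: a containment check in Python shown beside the unchecked shape, run against a constructed directory layout with a placeholder secret.

```python
import os
import tempfile
from pathlib import Path

class UnsafePathError(ValueError):
    """Raised when a user-supplied path would escape the allowed directory."""

def resolve_under(base: Path, user_path: str) -> Path:
    """Join user_path onto base and return it only if the fully resolved target
    (symlinks and '..' collapsed) still lies inside base."""
    root = base.resolve()
    if os.path.isabs(user_path):  # pathlib lets an absolute component replace root
        raise UnsafePathError(f"absolute path rejected: {user_path!r}")
    candidate = (root / user_path).resolve()
    try:
        candidate.relative_to(root)  # ValueError when candidate is outside root
    except ValueError:
        raise UnsafePathError(f"path escapes {root}: {user_path!r}") from None
    return candidate

def load_prompt_unchecked(base: str, name: str) -> str:
    """Vulnerable shape: the name is joined onto the directory with no containment check."""
    return (Path(base) / name).read_text()

def load_prompt(base: str, name: str) -> str:
    """Hardened loader: same call, but the path must resolve inside the prompt directory."""
    return resolve_under(Path(base), name).read_text()

def run_demo() -> dict:
    """Constructed layout: a prompt directory plus a secret file one level above it.
    Records what each loader does with a traversal name and an absolute path."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        prompts = Path(tmp) / "prompts"
        prompts.mkdir()
        (prompts / "greet.txt").write_text("Hello, {name}")
        (Path(tmp) / "secret.env").write_text("OPENAI_API_KEY=placeholder")  # constructed value
        results["normal"] = load_prompt(str(prompts), "greet.txt")
        results["unchecked_leak"] = load_prompt_unchecked(str(prompts), "../secret.env")
        for key, name in (("traversal", "../secret.env"), ("absolute", "/etc/hostname")):
            try:
                load_prompt(str(prompts), name)
                results[key + "_blocked"] = False
            except UnsafePathError:
                results[key + "_blocked"] = True
    return results

if __name__ == "__main__":
    print(run_demo())
```

The same `resolve_under` check applies unchanged to an upload handler: resolve the destination before opening it for writing, not after.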

The implications of these vulnerabilities go beyond the technical: they are business risks and, in many cases, governance failures. Security teams need to assess the business impact and act before the risk is realised. A six-question checklist for evaluating trust boundaries gives organizations a way to find and close these gaps before an attacker does.

In conclusion, the recent security breaches in AI agent frameworks highlight the importance of proactive security measures and constant vigilance in the face of evolving threats. By prioritizing security updates, implementing best practices, and enhancing governance processes, organizations can mitigate the risks associated with AI agent frameworks and protect sensitive information from unauthorized access.
