Security researchers have uncovered serious vulnerabilities in widely used artificial intelligence frameworks, exposing enterprise systems to potential data breaches. The affected platforms, LangChain and LangGraph, are commonly used to build applications powered by large language models, making the impact both widespread and significant.
Massive Adoption Increases Risk Exposure
Both frameworks are deeply embedded in modern AI development environments. Recent usage statistics reveal millions of downloads within a short period, highlighting their popularity among developers and organizations.
LangGraph, built on top of LangChain, enables more complex and dynamic workflows, which makes it even more attractive for enterprise-level AI deployments. However, this widespread adoption also increases the attack surface when vulnerabilities are discovered.
Three Major Vulnerabilities Identified
Researchers identified three distinct security flaws, each exposing a different type of sensitive data:
1. File System Exposure via Path Traversal
The first vulnerability, CVE-2026-34070, allows attackers to access arbitrary files on a system. By crafting a malicious prompt template, an attacker can bypass validation checks and retrieve sensitive files such as system configurations or internal documents.
2. Leakage of Secrets Through Unsafe Deserialization
The second issue, CVE-2025-68664, is the most critical among the three. It enables attackers to extract API keys and environment variables by manipulating how the application processes input data.
This vulnerability tricks the system into treating malicious input as trusted serialized objects, leading to unintended exposure of secrets. It was previously disclosed under the codename “LangGrinch.”
3. SQL Injection in LangGraph
The third flaw, CVE-2025-67644, affects LangGraph’s database handling. It allows attackers to inject malicious SQL queries and manipulate backend databases, potentially accessing or altering stored data.

Potential Impact on Enterprise Systems
If exploited, these vulnerabilities can provide attackers with multiple entry points into enterprise systems. The consequences include:
- Unauthorized access to sensitive files such as Docker configurations
- Exposure of API keys and environment secrets
- Retrieval of conversation histories from AI workflows
- Database manipulation and data exfiltration
These attack paths make it possible to drain critical data from AI-powered applications without detection.
Patches and Security Updates
Developers have released fixes to address these vulnerabilities. Users are strongly advised to upgrade to secure versions immediately:
- CVE-2026-34070 fixed in langchain-core version 1.2.22 and above
- CVE-2025-68664 resolved in versions 0.3.81 and 1.2.5
- CVE-2025-67644 patched in langgraph-checkpoint-sqlite version 3.0.1
Applying these updates is essential to prevent exploitation.
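The following added example (not code from LangChain, LangGraph or the researchers) audits a set of installed package versions against the fixed releases listed above. It assumes that CVE-2025-68664 is fixed in the langchain-core package, which the list does not name, and that each fixed release covers its own major version line, so anything below the applicable fix is reported.

```python
import re
from importlib import metadata

# (package, CVE, fixed releases) from the article's patch list.
# Assumption: the article names no package for CVE-2025-68664;
# langchain-core is assumed here.
FIXES = [
    ("langchain-core", "CVE-2026-34070", ["1.2.22"]),
    ("langchain-core", "CVE-2025-68664", ["0.3.81", "1.2.5"]),
    ("langgraph-checkpoint-sqlite", "CVE-2025-67644", ["3.0.1"]),
]

def parse(version):
    """'1.2.5' -> (1, 2, 5, 1); a pre-release such as '1.2.5rc1' -> (1, 2, 5, 0)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if m is None:
        raise ValueError(f"unparseable version: {version!r}")
    nums = tuple(int(p) for p in m.group().split("."))
    nums += (0,) * max(0, 3 - len(nums))
    pre = re.match(r"[.\-_]?(a|b|rc|dev)", version[m.end():])
    return nums + (0 if pre else 1,)  # pre-releases sort below the final release

def is_patched(version, fixed):
    """Compare against the highest fix whose major version is <= the installed one
    (assumption: one backported fix per major line); else against the lowest fix."""
    v = parse(version)
    fixes = sorted(parse(f) for f in fixed)
    candidates = [f for f in fixes if f[0] <= v[0]]
    target = candidates[-1] if candidates else fixes[0]
    return v >= target

def audit(installed):
    """installed: {package: version}. Returns [(package, version, CVE)] still unpatched."""
    return [(pkg, installed[pkg], cve) for pkg, cve, fixed in FIXES
            if pkg in installed and not is_patched(installed[pkg], fixed)]

def installed_versions():
    """Read versions of the affected packages from the current environment."""
    found = {}
    for pkg in {p for p, _, _ in FIXES}:
        try:
            found[pkg] = metadata.version(pkg)
        except metadata.PackageNotFoundError:
            pass  # package not installed, nothing to report
    return found

if __name__ == "__main__":
    for pkg, ver, cve in audit(installed_versions()):
        print(f"{pkg} {ver}: {cve} not patched, upgrade required")
```

Because LangChain is often pulled in as a transitive dependency, run the audit inside each deployed environment or container image rather than only against a project's top-level requirements.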
Broader Implications for AI Security
These findings highlight a critical reality: AI frameworks are not immune to traditional cybersecurity issues. Common vulnerabilities like path traversal, deserialization flaws, and SQL injection are now appearing in AI ecosystems.
Additionally, a recently disclosed flaw in Langflow showed how quickly attackers can act, with exploitation attempts observed within hours of public disclosure.
A Growing Supply Chain Risk
LangChain sits at the core of a vast ecosystem of tools and integrations. Many libraries depend on it directly or indirectly. This means a single vulnerability can propagate across multiple platforms and applications.
As a result, the risk is not limited to direct users but extends to the entire AI development supply chain.


