{ "document": { "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy of incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "National Cyber Security Centre", "namespace": "https://www.ncsc.nl/" }, "title": "CVE-2026-27022", "tracking": { "current_release_date": "2026-03-22T17:54:21.748182Z", "generator": { "date": "2026-02-17T15:00:00Z", "engine": { "name": "V.E.L.M.A", "version": "1.7" } }, "id": "CVE-2026-27022", "initial_release_date": "2026-02-18T23:39:47.212174Z", "revision_history": [ { "date": "2026-02-18T23:39:47.212174Z", "number": "1", "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (5).| CWES updated (1)." }, { "date": "2026-02-18T23:39:50.746464Z", "number": "2", "summary": "NCSC Score created." }, { "date": "2026-02-20T21:38:36.624343Z", "number": "3", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (1).| References created (4).| CWES updated (1)." }, { "date": "2026-02-20T21:38:39.398096Z", "number": "4", "summary": "NCSC Score updated." }, { "date": "2026-02-20T22:24:59.803101Z", "number": "5", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (4).| CWES updated (1)." }, { "date": "2026-02-20T22:25:04.082475Z", "number": "6", "summary": "NCSC Score updated." }, { "date": "2026-02-21T14:14:53.514255Z", "number": "7", "summary": "Source created.| CVE status created. (valid)| EPSS created." }, { "date": "2026-02-21T14:14:55.599374Z", "number": "8", "summary": "NCSC Score updated." }, { "date": "2026-02-21T17:48:15.431160Z", "number": "9", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (102).| References created (6).| CWES updated (1)." }, { "date": "2026-02-21T17:48:26.437656Z", "number": "10", "summary": "NCSC Score updated." }, { "date": "2026-02-23T00:25:26.821814Z", "number": "11", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (1).| References created (4).| CWES updated (1)." }, { "date": "2026-02-23T22:39:50.994683Z", "number": "12", "summary": "References created (1)." }, { "date": "2026-02-24T00:21:14.946296Z", "number": "13", "summary": "References created (1)." }, { "date": "2026-02-24T19:59:32.045867Z", "number": "14", "summary": "Unknown change." }, { "date": "2026-02-24T19:59:33.753810Z", "number": "15", "summary": "NCSC Score updated." }, { "date": "2026-03-20T09:42:46.356301Z", "number": "16", "summary": "Source connected.| CVE status created. (valid)| EPSS created." }, { "date": "2026-03-20T19:14:22.522030Z", "number": "17", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (2).| References created (7).| CWES updated (1)." } ], "status": "interim", "version": "17" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/>=0|<1.0.2", "product": { "name": "vers:unknown/>=0|<1.0.2", "product_id": "CSAFPID-5664735" } } ], "category": "product_name", "name": "@langchain/langgraph-checkpoint-redis" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/0.0.10", "product": { "name": "vers:unknown/0.0.10", "product_id": "CSAFPID-5659525" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.11", "product": { "name": "vers:unknown/0.0.11", "product_id": "CSAFPID-5659526" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.12", "product": { "name": "vers:unknown/0.0.12", "product_id": "CSAFPID-5659527" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.13", "product": { "name": "vers:unknown/0.0.13", "product_id": "CSAFPID-5659528" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.14", "product": { "name": "vers:unknown/0.0.14", "product_id": "CSAFPID-5659529" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.15", "product": { "name": "vers:unknown/0.0.15", "product_id": "CSAFPID-5659530" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.16", "product": { "name": "vers:unknown/0.0.16", "product_id": "CSAFPID-5659531" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.17", "product": { "name": "vers:unknown/0.0.17", "product_id": "CSAFPID-5659532" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.18", "product": { "name": "vers:unknown/0.0.18", "product_id": "CSAFPID-5659533" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.19", "product": { "name": "vers:unknown/0.0.19", "product_id": "CSAFPID-5659534" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.21", "product": { "name": "vers:unknown/0.0.21", "product_id": "CSAFPID-5659535" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.22", "product": { "name": "vers:unknown/0.0.22", "product_id": "CSAFPID-5659536" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.28", "product": { "name": "vers:unknown/0.0.28", "product_id": "CSAFPID-5659537" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.29", "product": { "name": "vers:unknown/0.0.29", "product_id": "CSAFPID-5659538" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.3", "product": { "name": "vers:unknown/0.0.3", "product_id": "CSAFPID-5659539" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.4", "product": { "name": "vers:unknown/0.0.4", "product_id": "CSAFPID-5659540" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.5", "product": { "name": "vers:unknown/0.0.5", "product_id": "CSAFPID-5659541" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.6", "product": { "name": "vers:unknown/0.0.6", "product_id": "CSAFPID-5659542" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.7", "product": { "name": "vers:unknown/0.0.7", "product_id": "CSAFPID-5659543" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.8", "product": { "name": "vers:unknown/0.0.8", "product_id": "CSAFPID-5659544" } }, { "category": "product_version_range", "name": "vers:unknown/0.0.9", "product": { "name": "vers:unknown/0.0.9", "product_id": "CSAFPID-5659545" } }, { "category": "product_version_range", "name": "vers:unknown/0.1.0", "product": { "name": "vers:unknown/0.1.0", "product_id": "CSAFPID-5659546" } }, { "category": "product_version_range", "name": "vers:unknown/0.1.1", "product": { "name": "vers:unknown/0.1.1", "product_id": "CSAFPID-5659547" } }, { "category": "product_version_range", "name": "vers:unknown/0.1.5", "product": { "name": "vers:unknown/0.1.5", "product_id": "CSAFPID-5659548" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.10", "product": { "name": "vers:unknown/0.2.10", "product_id": "CSAFPID-5659549" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.11", "product": { "name": "vers:unknown/0.2.11", "product_id": "CSAFPID-5659550" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.12", "product": { "name": "vers:unknown/0.2.12", "product_id": "CSAFPID-5659551" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.13", "product": { "name": "vers:unknown/0.2.13", "product_id": "CSAFPID-5659552" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.15", "product": { "name": "vers:unknown/0.2.15", "product_id": "CSAFPID-5659553" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.17", "product": { "name": "vers:unknown/0.2.17", "product_id": "CSAFPID-5659554" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.18", "product": { "name": "vers:unknown/0.2.18", "product_id": "CSAFPID-5659555" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.21", "product": { "name": "vers:unknown/0.2.21", "product_id": "CSAFPID-5659556" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.22", "product": { "name": "vers:unknown/0.2.22", "product_id": "CSAFPID-5659557" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.24", "product": { "name": "vers:unknown/0.2.24", "product_id": "CSAFPID-5659558" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.26", "product": { "name": "vers:unknown/0.2.26", "product_id": "CSAFPID-5659559" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.3", "product": { "name": "vers:unknown/0.2.3", "product_id": "CSAFPID-5659560" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.30", "product": { "name": "vers:unknown/0.2.30", "product_id": "CSAFPID-5659561" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.31", "product": { "name": "vers:unknown/0.2.31", "product_id": "CSAFPID-5659562" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.37", "product": { "name": "vers:unknown/0.2.37", "product_id": "CSAFPID-5659563" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.4", "product": { "name": "vers:unknown/0.2.4", "product_id": "CSAFPID-5659564" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.42", "product": { "name": "vers:unknown/0.2.42", "product_id": "CSAFPID-5659565" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.43", "product": { "name": "vers:unknown/0.2.43", "product_id": "CSAFPID-5659566" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.44", "product": { "name": "vers:unknown/0.2.44", "product_id": "CSAFPID-5659567" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.45", "product": { "name": "vers:unknown/0.2.45", "product_id": "CSAFPID-5659568" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.5", "product": { "name": "vers:unknown/0.2.5", "product_id": "CSAFPID-5659569" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.51", "product": { "name": "vers:unknown/0.2.51", "product_id": "CSAFPID-5659570" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.52", "product": { "name": "vers:unknown/0.2.52", "product_id": "CSAFPID-5659571" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.53", "product": { "name": "vers:unknown/0.2.53", "product_id": "CSAFPID-5659572" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.54", "product": { "name": "vers:unknown/0.2.54", "product_id": "CSAFPID-5659573" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.55", "product": { "name": "vers:unknown/0.2.55", "product_id": "CSAFPID-5659574" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.58", "product": { "name": "vers:unknown/0.2.58", "product_id": "CSAFPID-5659575" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.59", "product": { "name": "vers:unknown/0.2.59", "product_id": "CSAFPID-5659576" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.6", "product": { "name": "vers:unknown/0.2.6", "product_id": "CSAFPID-5659577" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.60", "product": { "name": "vers:unknown/0.2.60", "product_id": "CSAFPID-5659578" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.61", "product": { "name": "vers:unknown/0.2.61", "product_id": "CSAFPID-5659579" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.62", "product": { "name": "vers:unknown/0.2.62", "product_id": "CSAFPID-5659580" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.63", "product": { "name": "vers:unknown/0.2.63", "product_id": "CSAFPID-5659581" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.64", "product": { "name": "vers:unknown/0.2.64", "product_id": "CSAFPID-5659582" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.65", "product": { "name": "vers:unknown/0.2.65", "product_id": "CSAFPID-5659583" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.68", "product": { "name": "vers:unknown/0.2.68", "product_id": "CSAFPID-5659584" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.69", "product": { "name": "vers:unknown/0.2.69", "product_id": "CSAFPID-5659585" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.7", "product": { "name": "vers:unknown/0.2.7", "product_id": "CSAFPID-5659586" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.70", "product": { "name": "vers:unknown/0.2.70", "product_id": "CSAFPID-5659587" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.71", "product": { "name": "vers:unknown/0.2.71", "product_id": "CSAFPID-5659588" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.72", "product": { "name": "vers:unknown/0.2.72", "product_id": "CSAFPID-5659589" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.73", "product": { "name": "vers:unknown/0.2.73", "product_id": "CSAFPID-5659590" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.74", "product": { "name": "vers:unknown/0.2.74", "product_id": "CSAFPID-5659591" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.8", "product": { "name": "vers:unknown/0.2.8", "product_id": "CSAFPID-5659592" } }, { "category": "product_version_range", "name": "vers:unknown/0.2.9", "product": { "name": "vers:unknown/0.2.9", "product_id": "CSAFPID-5659593" } }, { "category": "product_version_range", "name": "vers:unknown/0.3.0", "product": { "name": "vers:unknown/0.3.0", "product_id": "CSAFPID-5659594" } }, { "category": "product_version_range", "name": "vers:unknown/0.3.1", "product": { "name": "vers:unknown/0.3.1", "product_id": "CSAFPID-5659595" } }, { "category": "product_version_range", "name": "vers:unknown/0.3.2", "product": { "name": "vers:unknown/0.3.2", "product_id": "CSAFPID-5659596" } }, { "category": "product_version_range", "name": "vers:unknown/0.3.3", "product": { "name": "vers:unknown/0.3.3", "product_id": "CSAFPID-5659597" } }, { "category": "product_version_range", "name": "vers:unknown/0.3.4", "product": { "name": "vers:unknown/0.3.4", "product_id": "CSAFPID-5659598" } }, { "category": "product_version_range", "name": "vers:unknown/0.3.6", "product": { "name": "vers:unknown/0.3.6", "product_id": "CSAFPID-5659599" } }, { "category": "product_version_range", "name": "vers:unknown/<1.0.2", "product": { "name": "vers:unknown/<1.0.2", "product_id": "CSAFPID-5653681" } }, { "category": "product_version_range", "name": "vers:unknown/checkpoint-mongodb=0.0.5", "product": { "name": "vers:unknown/checkpoint-mongodb=0.0.5", "product_id": "CSAFPID-5659600" } }, { "category": "product_version_range", "name": "vers:unknown/checkpoint-mongodb==0.0.6", "product": { "name": "vers:unknown/checkpoint-mongodb==0.0.6", "product_id": "CSAFPID-5659601" } }, { "category": "product_version_range", "name": "vers:unknown/checkpoint-postgres==0.0.3", "product": { "name": "vers:unknown/checkpoint-postgres==0.0.3", "product_id": "CSAFPID-5659602" } }, { "category": "product_version_range", "name": "vers:unknown/checkpoint-postgres==0.0.5", "product": { "name": "vers:unknown/checkpoint-postgres==0.0.5", "product_id": "CSAFPID-5659603" } }, { "category": "product_version_range", "name": "vers:unknown/checkpoint-sqlite==0.1.4", "product": { "name": "vers:unknown/checkpoint-sqlite==0.1.4", "product_id": "CSAFPID-5659604" } }, { "category": "product_version_range", "name": "vers:unknown/checkpoint-sqlite==0.1.5", "product": { "name": "vers:unknown/checkpoint-sqlite==0.1.5", "product_id": "CSAFPID-5659605" } }, { "category": "product_version_range", "name": "vers:unknown/checkpoint==0.0.15", "product": { "name": "vers:unknown/checkpoint==0.0.15", "product_id": "CSAFPID-5659606" } }, { "category": "product_version_range", "name": "vers:unknown/checkpoint==0.0.16", "product": { "name": "vers:unknown/checkpoint==0.0.16", "product_id": "CSAFPID-5659607" } }, { "category": "product_version_range", "name": "vers:unknown/checkpoint==0.0.18", "product": { "name": "vers:unknown/checkpoint==0.0.18", "product_id": "CSAFPID-5659608" } }, { "category": "product_version_range", "name": "vers:unknown/create-langgraph@1.1.3", "product": { "name": "vers:unknown/create-langgraph@1.1.3", "product_id": "CSAFPID-5659609" } }, { "category": "product_version_range", "name": "vers:unknown/create-langgraph@1.1.4", "product": { "name": "vers:unknown/create-langgraph@1.1.4", "product_id": "CSAFPID-5659610" } }, { "category": "product_version_range", "name": "vers:unknown/create-langgraph@1.1.5", "product": { "name": "vers:unknown/create-langgraph@1.1.5", "product_id": "CSAFPID-5659611" } }, { "category": "product_version_range", "name": "vers:unknown/cua==0.0.6", "product": { "name": "vers:unknown/cua==0.0.6", "product_id": "CSAFPID-5659612" } }, { "category": "product_version_range", "name": "vers:unknown/supervisor==0.0.10", "product": { "name": "vers:unknown/supervisor==0.0.10", "product_id": "CSAFPID-5659613" } }, { "category": "product_version_range", "name": "vers:unknown/supervisor==0.0.11", "product": { "name": "vers:unknown/supervisor==0.0.11", "product_id": "CSAFPID-5659614" } }, { "category": "product_version_range", "name": "vers:unknown/supervisor==0.0.12", "product": { "name": "vers:unknown/supervisor==0.0.12", "product_id": "CSAFPID-5659615" } }, { "category": "product_version_range", "name": "vers:unknown/supervisor==0.0.13", "product": { "name": "vers:unknown/supervisor==0.0.13", "product_id": "CSAFPID-5659616" } }, { "category": "product_version_range", "name": "vers:unknown/supervisor==0.0.14", "product": { "name": "vers:unknown/supervisor==0.0.14", "product_id": "CSAFPID-5659617" } }, { "category": "product_version_range", "name": "vers:unknown/supervisor==0.0.5", "product": { "name": "vers:unknown/supervisor==0.0.5", "product_id": "CSAFPID-5659618" } }, { "category": "product_version_range", "name": "vers:unknown/supervisor==0.0.6", "product": { "name": "vers:unknown/supervisor==0.0.6", "product_id": "CSAFPID-5659619" } }, { "category": "product_version_range", "name": "vers:unknown/supervisor==0.0.7", "product": { "name": "vers:unknown/supervisor==0.0.7", "product_id": "CSAFPID-5659620" } }, { "category": "product_version_range", "name": "vers:unknown/supervisor==0.0.8", "product": { "name": "vers:unknown/supervisor==0.0.8", "product_id": "CSAFPID-5659621" } }, { "category": "product_version_range", "name": "vers:unknown/supervisor==0.0.9", "product": { "name": "vers:unknown/supervisor==0.0.9", "product_id": "CSAFPID-5659622" } }, { "category": "product_version_range", "name": "vers:unknown/swarm==0.0.1", "product": { "name": "vers:unknown/swarm==0.0.1", "product_id": "CSAFPID-5659623" } }, { "category": "product_version_range", "name": "vers:unknown/swarm==0.0.2", "product": { "name": "vers:unknown/swarm==0.0.2", "product_id": "CSAFPID-5659624" } }, { "category": "product_version_range", "name": "vers:unknown/swarm==0.0.3", "product": { "name": "vers:unknown/swarm==0.0.3", "product_id": "CSAFPID-5659625" } }, { "category": "product_version_range", "name": "vers:unknown/swarm==0.0.4", "product": { "name": "vers:unknown/swarm==0.0.4", "product_id": "CSAFPID-5659626" } } ], "category": "product_name", "name": "langgraphjs" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/1.0.2", "product": { "name": "vers:unknown/1.0.2", "product_id": "CSAFPID-5875587" } }, { "category": "product_version_range", "name": "vers:unknown/<1.0.2", "product": { "name": "vers:unknown/<1.0.2", "product_id": "CSAFPID-5875588" } } ], "category": "product_name", "name": "npm/@langchain/langgraph-checkpoint-redis" } ], "category": "vendor", "name": "langchain-ai" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-27022", "notes": [ { "category": "description", "text": "## Summary\n\nA query injection vulnerability exists in the `@langchain/langgraph-checkpoint-redis` package's filter handling. The `RedisSaver` and `ShallowRedisSaver` classes construct RediSearch queries by directly interpolating user-provided filter keys and values without proper escaping. RediSearch has special syntax characters that can modify query behavior, and when user-controlled data contains these characters, the query logic can be manipulated to bypass intended access controls.\n\n## Attack surface\n\nThe core vulnerability was in the `list()` methods of both `RedisSaver` and `ShallowRedisSaver`: these methods failed to escape RediSearch special characters in filter keys and values when constructing queries. When unescaped data containing RediSearch syntax was used, the injected operators were interpreted by RediSearch rather than treated as literal search values.\n\nThis escaping bug enabled the following attack vector:\n\n- **Thread boundary escape via OR operator**: RediSearch uses `|` as an OR operator with specific precedence rules. A query like `A B | C` is interpreted as `(A AND B) OR C`. By injecting `}) | (@thread_id:{*` into a filter value, an attacker can append an OR clause that matches all threads, effectively bypassing the thread isolation constraint.\n\nThe injected query `(@thread_id:{legitimate-thread}) (@source:{x}) | (@thread_id:{*})` matches:\n\n- Documents with `thread_id:legitimate-thread AND source:x`, OR\n- Documents with ANY `thread_id`\n\nThe second clause matches all threads, bypassing thread isolation entirely.\n\n## Who is affected?\n\nApplications are vulnerable if they:\n\n- **Pass user-controlled input to filter parameters** — When using `getStateHistory()` or `checkpointer.list()` with filter values derived from user input, HTTP parameters, or other untrusted sources.\n- **Use Redis checkpointing in multi-tenant applications** — Applications that rely on thread isolation to separate data between users or tenants are at risk of cross-tenant data access.\n\nThe most common attack vector is through API endpoints that expose filtering capabilities to end users, allowing them to search or filter their conversation history.\n\n## Impact\n\nAttackers who control filter input can bypass thread isolation by injecting RediSearch OR operators to construct queries that match all threads regardless of the intended thread constraint. This enables access to checkpoint data from threads the attacker is not authorized to view.\n\nKey severity factors:\n\n- Enables complete bypass of thread-based access controls\n- Sensitive conversation data from other users may be exposed\n- Affects multi-tenant applications relying on thread isolation for data separation\n- Requires only control over filter input values (common in user-facing APIs)\n\n## Exploit example\n\n```typescript\nimport { RedisSaver } from \"@langchain/langgraph-checkpoint-redis\";\n\nconst saver = new RedisSaver({ /* redis config */ });\n\n// Normal usage - should only see thread \"user-123-thread\"\nconst legitHistory = saver.list({\n configurable: { thread_id: \"user-123-thread\" }\n}, {\n filter: { source: \"loop\" }\n});\n\n// Attacker crafts malicious filter value\nconst attackerFilter = {\n source: \"x}) | (@thread_id:{*\" // Injects OR clause matching ALL threads\n};\n\n// This produces a query like:\n// (@thread_id:{user-123-thread}) (@source:{x}) | (@thread_id:{*})\n// Due to precedence, this matches ALL threads!\n\nconst stolenHistory = saver.list({\n configurable: { thread_id: \"user-123-thread\" }\n}, {\n filter: attackerFilter\n});\n\n// stolenHistory now contains checkpoints from ALL threads - DATA LEAKED!\n```\n\n## Security hardening changes\n\nThe 1.0.2 patch introduces the following changes:\n\n- **Escape utility function**: A new `escapeRediSearchTagValue()` function properly escapes all RediSearch special characters (`- . < > { } [ ] \" ' : ; ! @ # $ % ^ & * ( ) + = ~ | \\ ? /`) by prefixing them with backslashes.\n- **Filter key escaping**: All filter keys are escaped before being used in query construction.\n- **Filter value escaping**: All filter values are escaped before being interpolated into RediSearch tag queries.\n\n## Migration guide\n\n### No changes needed for most users\n\nThe fix is backward compatible. Existing code will work without modifications—filter values that previously worked will continue to work, with the added protection against injection:\n\n```typescript\nimport { RedisSaver } from \"@langchain/langgraph-checkpoint-redis\";\n\n// Works exactly as before, now with injection protection\nconst history = saver.list(config, {\n filter: { source: \"loop\" }\n});\n```\n\n### If you were relying on special characters\n\nIf your application intentionally used RediSearch syntax in filter values (unlikely but possible), be aware that these characters will now be escaped and treated as literals.\n\n### For applications with user-facing filters\n\nNo code changes required, but this is a good time to review your API design:\n\n```typescript\n// Before: Vulnerable to injection\napp.get(\"/history\", async (req, res) => {\n const history = await saver.list(config, {\n filter: req.query.filter // User-controlled - was vulnerable\n });\n});\n\n// After: Now safe, but consider validating allowed filter keys\napp.get(\"/history\", async (req, res) => {\n const allowedKeys = [\"source\", \"step\"];\n const sanitizedFilter = Object.fromEntries(\n Object.entries(req.query.filter || {})\n .filter(([key]) => allowedKeys.includes(key))\n );\n const history = await saver.list(config, {\n filter: sanitizedFilter\n });\n});\n```\n\n> **Recommendation**: Even with the fix in place, consider validating that filter keys are from an allowed list as a defense-in-depth measure.\n\n## References\n\n- [RediSearch Query Syntax](https://redis.io/docs/interact/search-and-query/query/)\n- [LangGraph Checkpoint Documentation](https://langchain-ai.github.io/langgraphjs/)", "title": "github - https://github.com/advisories/GHSA-5mx2-w598-339m" }, { "category": "description", "text": "@langchain/langgraph-checkpoint-redis is the Redis checkpoint and store implementation for LangGraph. A query injection vulnerability exists in the @langchain/langgraph-checkpoint-redis package's filter handling. The RedisSaver and ShallowRedisSaver classes construct RediSearch queries by directly interpolating user-provided filter keys and values without proper escaping. RediSearch has special syntax characters that can modify query behavior, and when user-controlled data contains these characters, the query logic can be manipulated to bypass intended access controls. This vulnerability is fixed in 1.0.2.", "title": "cveprojectv5 - https://www.cve.org/CVERecord?id=CVE-2026-27022" }, { "category": "description", "text": "@langchain/langgraph-checkpoint-redis is the Redis checkpoint and store implementation for LangGraph. A query injection vulnerability exists in the @langchain/langgraph-checkpoint-redis package's filter handling. The RedisSaver and ShallowRedisSaver classes construct RediSearch queries by directly interpolating user-provided filter keys and values without proper escaping. RediSearch has special syntax characters that can modify query behavior, and when user-controlled data contains these characters, the query logic can be manipulated to bypass intended access controls. This vulnerability is fixed in 1.0.2.", "title": "nvd - https://nvd.nist.gov/vuln/detail/CVE-2026-27022" }, { "category": "description", "text": "@langchain/langgraph-checkpoint-redis is the Redis checkpoint and store implementation for LangGraph. A query injection vulnerability exists in the @langchain/langgraph-checkpoint-redis package's filter handling. The RedisSaver and ShallowRedisSaver classes construct RediSearch queries by directly interpolating user-provided filter keys and values without proper escaping. RediSearch has special syntax characters that can modify query behavior, and when user-controlled data contains these characters, the query logic can be manipulated to bypass intended access controls. This vulnerability is fixed in 1.0.2.", "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FCVE-2026-27022.json?alt=media" }, { "category": "description", "text": "## Summary\n\nA query injection vulnerability exists in the `@langchain/langgraph-checkpoint-redis` package's filter handling. The `RedisSaver` and `ShallowRedisSaver` classes construct RediSearch queries by directly interpolating user-provided filter keys and values without proper escaping. RediSearch has special syntax characters that can modify query behavior, and when user-controlled data contains these characters, the query logic can be manipulated to bypass intended access controls.\n\n## Attack surface\n\nThe core vulnerability was in the `list()` methods of both `RedisSaver` and `ShallowRedisSaver`: these methods failed to escape RediSearch special characters in filter keys and values when constructing queries. When unescaped data containing RediSearch syntax was used, the injected operators were interpreted by RediSearch rather than treated as literal search values.\n\nThis escaping bug enabled the following attack vector:\n\n- **Thread boundary escape via OR operator**: RediSearch uses `|` as an OR operator with specific precedence rules. A query like `A B | C` is interpreted as `(A AND B) OR C`. By injecting `}) | (@thread_id:{*` into a filter value, an attacker can append an OR clause that matches all threads, effectively bypassing the thread isolation constraint.\n\nThe injected query `(@thread_id:{legitimate-thread}) (@source:{x}) | (@thread_id:{*})` matches:\n\n- Documents with `thread_id:legitimate-thread AND source:x`, OR\n- Documents with ANY `thread_id`\n\nThe second clause matches all threads, bypassing thread isolation entirely.\n\n## Who is affected?\n\nApplications are vulnerable if they:\n\n- **Pass user-controlled input to filter parameters** — When using `getStateHistory()` or `checkpointer.list()` with filter values derived from user input, HTTP parameters, or other untrusted sources.\n- **Use Redis checkpointing in multi-tenant applications** — Applications that rely on thread isolation to separate data between users or tenants are at risk of cross-tenant data access.\n\nThe most common attack vector is through API endpoints that expose filtering capabilities to end users, allowing them to search or filter their conversation history.\n\n## Impact\n\nAttackers who control filter input can bypass thread isolation by injecting RediSearch OR operators to construct queries that match all threads regardless of the intended thread constraint. This enables access to checkpoint data from threads the attacker is not authorized to view.\n\nKey severity factors:\n\n- Enables complete bypass of thread-based access controls\n- Sensitive conversation data from other users may be exposed\n- Affects multi-tenant applications relying on thread isolation for data separation\n- Requires only control over filter input values (common in user-facing APIs)\n\n## Exploit example\n\n```typescript\nimport { RedisSaver } from \"@langchain/langgraph-checkpoint-redis\";\n\nconst saver = new RedisSaver({ /* redis config */ });\n\n// Normal usage - should only see thread \"user-123-thread\"\nconst legitHistory = saver.list({\n configurable: { thread_id: \"user-123-thread\" }\n}, {\n filter: { source: \"loop\" }\n});\n\n// Attacker crafts malicious filter value\nconst attackerFilter = {\n source: \"x}) | (@thread_id:{*\" // Injects OR clause matching ALL threads\n};\n\n// This produces a query like:\n// (@thread_id:{user-123-thread}) (@source:{x}) | (@thread_id:{*})\n// Due to precedence, this matches ALL threads!\n\nconst stolenHistory = saver.list({\n configurable: { thread_id: \"user-123-thread\" }\n}, {\n filter: attackerFilter\n});\n\n// stolenHistory now contains checkpoints from ALL threads - DATA LEAKED!\n```\n\n## Security hardening changes\n\nThe 1.0.2 patch introduces the following changes:\n\n- **Escape utility function**: A new `escapeRediSearchTagValue()` function properly escapes all RediSearch special characters (`- . < > { } [ ] \" ' : ; ! @ # $ % ^ & * ( ) + = ~ | \\ ? /`) by prefixing them with backslashes.\n- **Filter key escaping**: All filter keys are escaped before being used in query construction.\n- **Filter value escaping**: All filter values are escaped before being interpolated into RediSearch tag queries.\n\n## Migration guide\n\n### No changes needed for most users\n\nThe fix is backward compatible. Existing code will work without modifications—filter values that previously worked will continue to work, with the added protection against injection:\n\n```typescript\nimport { RedisSaver } from \"@langchain/langgraph-checkpoint-redis\";\n\n// Works exactly as before, now with injection protection\nconst history = saver.list(config, {\n filter: { source: \"loop\" }\n});\n```\n\n### If you were relying on special characters\n\nIf your application intentionally used RediSearch syntax in filter values (unlikely but possible), be aware that these characters will now be escaped and treated as literals.\n\n### For applications with user-facing filters\n\nNo code changes required, but this is a good time to review your API design:\n\n```typescript\n// Before: Vulnerable to injection\napp.get(\"/history\", async (req, res) => {\n const history = await saver.list(config, {\n filter: req.query.filter // User-controlled - was vulnerable\n });\n});\n\n// After: Now safe, but consider validating allowed filter keys\napp.get(\"/history\", async (req, res) => {\n const allowedKeys = [\"source\", \"step\"];\n const sanitizedFilter = Object.fromEntries(\n Object.entries(req.query.filter || {})\n .filter(([key]) => allowedKeys.includes(key))\n );\n const history = await saver.list(config, {\n filter: sanitizedFilter\n });\n});\n```\n\n> **Recommendation**: Even with the fix in place, consider validating that filter keys are from an allowed list as a defense-in-depth measure.\n\n## References\n\n- [RediSearch Query Syntax](https://redis.io/docs/interact/search-and-query/query/)\n- [LangGraph Checkpoint Documentation](https://langchain-ai.github.io/langgraphjs/)", "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/npm%2FGHSA-5mx2-w598-339m.json?alt=media" }, { "category": "description", "text": "A query injection vulnerability exists in the `@langchain/langgraph-checkpoint-redis` package's filter handling. The `RedisSaver` and `ShallowRedisSaver` classes construct RediSearch queries by directly interpolating user-provided filter keys and values without proper escaping. RediSearch has special syntax characters that can modify query behavior, and when user-controlled data contains these characters, the query logic can be manipulated to bypass intended access controls.", "title": "gitlab - https://gitlab.com/api/v4/projects/25847700/repository/files/npm%2F@langchain%2Flanggraph-checkpoint-redis%2FCVE-2026-27022.yml/raw" }, { "category": "other", "text": "0.00035", "title": "EPSS" }, { "category": "other", "text": "3.9", "title": "NCSC Score" }, { "category": "other", "text": "The value of the most recent EPSS score, There is cwe data available from source Nvd", "title": "NCSC Score top decreasing factors" } ], "product_status": { "fixed": [ "CSAFPID-5875587" ], "known_affected": [ "CSAFPID-5653681", "CSAFPID-5659525", "CSAFPID-5659526", "CSAFPID-5659527", "CSAFPID-5659528", "CSAFPID-5659529", "CSAFPID-5659530", "CSAFPID-5659531", "CSAFPID-5659532", "CSAFPID-5659533", "CSAFPID-5659534", "CSAFPID-5659535", "CSAFPID-5659536", "CSAFPID-5659537", "CSAFPID-5659538", "CSAFPID-5659539", "CSAFPID-5659540", "CSAFPID-5659541", "CSAFPID-5659542", "CSAFPID-5659543", "CSAFPID-5659544", "CSAFPID-5659545", "CSAFPID-5659546", "CSAFPID-5659547", "CSAFPID-5659548", "CSAFPID-5659549", "CSAFPID-5659550", "CSAFPID-5659551", "CSAFPID-5659552", "CSAFPID-5659553", "CSAFPID-5659554", "CSAFPID-5659555", "CSAFPID-5659556", "CSAFPID-5659557", "CSAFPID-5659558", "CSAFPID-5659559", "CSAFPID-5659560", "CSAFPID-5659561", "CSAFPID-5659562", "CSAFPID-5659563", "CSAFPID-5659564", "CSAFPID-5659565", "CSAFPID-5659566", "CSAFPID-5659567", "CSAFPID-5659568", "CSAFPID-5659569", "CSAFPID-5659570", "CSAFPID-5659571", "CSAFPID-5659572", "CSAFPID-5659573", "CSAFPID-5659574", "CSAFPID-5659575", "CSAFPID-5659576", "CSAFPID-5659577", "CSAFPID-5659578", "CSAFPID-5659579", "CSAFPID-5659580", "CSAFPID-5659581", "CSAFPID-5659582", "CSAFPID-5659583", "CSAFPID-5659584", "CSAFPID-5659585", "CSAFPID-5659586", "CSAFPID-5659587", "CSAFPID-5659588", "CSAFPID-5659589", "CSAFPID-5659590", "CSAFPID-5659591", "CSAFPID-5659592", "CSAFPID-5659593", "CSAFPID-5659594", "CSAFPID-5659595", "CSAFPID-5659596", "CSAFPID-5659597", "CSAFPID-5659598", "CSAFPID-5659599", "CSAFPID-5659600", "CSAFPID-5659601", "CSAFPID-5659602", "CSAFPID-5659603", "CSAFPID-5659604", "CSAFPID-5659605", "CSAFPID-5659606", "CSAFPID-5659607", "CSAFPID-5659608", "CSAFPID-5659609", "CSAFPID-5659610", "CSAFPID-5659611", "CSAFPID-5659612", "CSAFPID-5659613", "CSAFPID-5659614", "CSAFPID-5659615", "CSAFPID-5659616", "CSAFPID-5659617", "CSAFPID-5659618", "CSAFPID-5659619", "CSAFPID-5659620", "CSAFPID-5659621", "CSAFPID-5659622", "CSAFPID-5659623", "CSAFPID-5659624", "CSAFPID-5659625", "CSAFPID-5659626", "CSAFPID-5664735", "CSAFPID-5875588" ] }, "references": [ { "category": "external", "summary": "Source - github", "url": "https://github.com/advisories/GHSA-5mx2-w598-339m" }, { "category": "external", "summary": "Source raw - github", "url": "https://api.github.com/advisories/GHSA-5mx2-w598-339m" }, { "category": "external", "summary": "Source - cveprojectv5", "url": "https://www.cve.org/CVERecord?id=CVE-2026-27022" }, { "category": "external", "summary": "Source raw - cveprojectv5", "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/27xxx/CVE-2026-27022.json" }, { "category": "external", "summary": "Source - nvd", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27022" }, { "category": "external", "summary": "Source raw - nvd", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-27022" }, { "category": "external", "summary": "Source - first", "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27022" }, { "category": "external", "summary": "Source raw - first", "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0" }, { "category": "external", "summary": "Source - osv", "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FCVE-2026-27022.json?alt=media" }, { "category": "external", "summary": "Source - osv", "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/npm%2FGHSA-5mx2-w598-339m.json?alt=media" }, { "category": "external", "summary": "Source - first", "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0" }, { "category": "external", "summary": "Source - gitlab", "url": "https://gitlab.com/api/v4/projects/25847700/repository/files/npm%2F@langchain%2Flanggraph-checkpoint-redis%2FCVE-2026-27022.yml/raw" }, { "category": "external", "summary": "Reference - cveprojectv5; github; gitlab; nvd; osv", "url": "https://github.com/langchain-ai/langgraphjs/security/advisories/GHSA-5mx2-w598-339m" }, { "category": "external", "summary": "Reference - cveprojectv5; github; gitlab; nvd; osv", "url": "https://github.com/langchain-ai/langgraphjs/pull/1943" }, { "category": "external", "summary": "Reference - cveprojectv5; github; gitlab; nvd; osv", "url": "https://github.com/langchain-ai/langgraphjs/commit/814c76dc3938d0f6f7e17ca3bc11d6a12270b2a1" }, { "category": "external", "summary": "Reference - cveprojectv5; github; gitlab; nvd; osv", "url": "https://github.com/langchain-ai/langgraphjs/releases/tag/@langchain/langgraph-checkpoint-redis@1.0.2" }, { "category": "external", "summary": "Reference - github; gitlab", "url": "https://github.com/advisories/GHSA-5mx2-w598-339m" }, { "category": "external", "summary": "Reference - osv", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27022.json" }, { "category": "external", "summary": "Reference - github; gitlab; osv", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27022" }, { "category": "external", "summary": "Reference - gitlab", "url": "https://github.com/langchain-ai/langgraphjs" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-5653681", "CSAFPID-5659525", "CSAFPID-5659526", "CSAFPID-5659527", "CSAFPID-5659528", "CSAFPID-5659529", "CSAFPID-5659530", "CSAFPID-5659531", "CSAFPID-5659532", "CSAFPID-5659533", "CSAFPID-5659534", "CSAFPID-5659535", "CSAFPID-5659536", "CSAFPID-5659537", "CSAFPID-5659538", "CSAFPID-5659539", "CSAFPID-5659540", "CSAFPID-5659541", "CSAFPID-5659542", "CSAFPID-5659543", "CSAFPID-5659544", "CSAFPID-5659545", "CSAFPID-5659546", "CSAFPID-5659547", "CSAFPID-5659548", "CSAFPID-5659549", "CSAFPID-5659550", "CSAFPID-5659551", "CSAFPID-5659552", "CSAFPID-5659553", "CSAFPID-5659554", "CSAFPID-5659555", "CSAFPID-5659556", "CSAFPID-5659557", "CSAFPID-5659558", "CSAFPID-5659559", "CSAFPID-5659560", "CSAFPID-5659561", "CSAFPID-5659562", "CSAFPID-5659563", "CSAFPID-5659564", "CSAFPID-5659565", "CSAFPID-5659566", "CSAFPID-5659567", "CSAFPID-5659568", "CSAFPID-5659569", "CSAFPID-5659570", "CSAFPID-5659571", "CSAFPID-5659572", "CSAFPID-5659573", "CSAFPID-5659574", "CSAFPID-5659575", "CSAFPID-5659576", "CSAFPID-5659577", "CSAFPID-5659578", "CSAFPID-5659579", "CSAFPID-5659580", "CSAFPID-5659581", "CSAFPID-5659582", "CSAFPID-5659583", "CSAFPID-5659584", "CSAFPID-5659585", "CSAFPID-5659586", "CSAFPID-5659587", "CSAFPID-5659588", "CSAFPID-5659589", "CSAFPID-5659590", "CSAFPID-5659591", "CSAFPID-5659592", "CSAFPID-5659593", "CSAFPID-5659594", "CSAFPID-5659595", "CSAFPID-5659596", "CSAFPID-5659597", "CSAFPID-5659598", "CSAFPID-5659599", "CSAFPID-5659600", "CSAFPID-5659601", "CSAFPID-5659602", "CSAFPID-5659603", "CSAFPID-5659604", "CSAFPID-5659605", "CSAFPID-5659606", "CSAFPID-5659607", "CSAFPID-5659608", "CSAFPID-5659609", "CSAFPID-5659610", "CSAFPID-5659611", "CSAFPID-5659612", "CSAFPID-5659613", "CSAFPID-5659614", "CSAFPID-5659615", "CSAFPID-5659616", "CSAFPID-5659617", "CSAFPID-5659618", "CSAFPID-5659619", "CSAFPID-5659620", "CSAFPID-5659621", "CSAFPID-5659622", "CSAFPID-5659623", "CSAFPID-5659624", "CSAFPID-5659625", "CSAFPID-5659626", "CSAFPID-5664735", "CSAFPID-5875588" ] } ], "title": "CVE-2026-27022" } ] }