LangChain Security Alert: What You Need to Know
Cybersecurity researchers at Cyera have disclosed three security vulnerabilities in LangChain and LangGraph — open-source AI application frameworks downloaded tens of millions of times weekly — that could allow attackers to access filesystem data, steal API keys, and extract conversation histories from enterprise deployments. The disclosure, published Thursday by researcher Vladimir Tokarev, arrives amid a wave of exploitation targeting the broader LangChain ecosystem.
Three Flaws, Three Attack Paths
The vulnerabilities each target a different layer of enterprise data. CVE-2026-34070, scored at 7.5 on the CVSS scale, is a path traversal flaw in LangChain's prompt-loading API that lets attackers read arbitrary files — including Docker configurations — by supplying a crafted prompt template. CVE-2025-68664, the most severe at CVSS 9.3, exploits a deserialization weakness in LangChain's serialization functions to trick applications into leaking environment secrets such as cloud credentials, database connection strings, and LLM API keys. Researchers at Cyata first flagged this flaw in December 2025 under the name "LangGrinch," identifying 12 distinct exploit flows through routine agent operations. The third flaw, CVE-2025-67644 (CVSS 7.3), is an SQL injection vulnerability in LangGraph's SQLite checkpoint system that enables attackers to run arbitrary queries against the database storing conversation histories.
Patches have been issued: CVE-2026-34070 is fixed in langchain-core 1.2.22, CVE-2025-68664 in langchain-core versions 0.3.81 and 1.2.5, and CVE-2025-67644 in langgraph-checkpoint-sqlite 3.0.1.
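An added example, not code from Cyera or the LangChain project: a Python audit of pinned `pip freeze` lines against the fixed versions listed above. It assumes any version below the fix for its own major.minor line is unpatched, and that a line with no listed fix must reach the highest fixed version; the sample lines are constructed.

```python
import re

# Fixed versions as stated in the article. Treating every lower version as
# unpatched is an assumption of this example, not a statement of affected ranges.
FIXES = {
    "langchain-core": [
        ("CVE-2026-34070", [(1, 2, 22)]),
        ("CVE-2025-68664", [(0, 3, 81), (1, 2, 5)]),
    ],
    "langgraph-checkpoint-sqlite": [("CVE-2025-67644", [(3, 0, 1)])],
}

def normalize(name):
    """PEP 503 normalization, so langchain_core matches langchain-core."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(text):
    """Numeric release tuple; pre/post-release suffixes are ignored."""
    match = re.match(r"\d+(?:\.\d+)*", text)
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in match.group().split("."))
    return parts + (0,) * (3 - len(parts))

def is_patched(version, fixed):
    """Compare with the fix for the same major.minor line, else the highest fix."""
    same_line = [f for f in fixed if f[:2] == version[:2]]
    return version >= (same_line[0] if same_line else max(fixed))

def audit(freeze_lines):
    """Return (package, version, cve) for each pinned package missing a fix."""
    findings = []
    for line in freeze_lines:
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if "==" not in line:
            continue  # unpinned or blank: nothing to compare
        name, _, ver = line.partition("==")
        pkg, ver = normalize(name.strip()), ver.strip()
        for cve, fixed in FIXES.get(pkg, []):
            if not is_patched(parse_version(ver), fixed):
                findings.append((pkg, ver, cve))
    return findings

# Constructed sample pins, as if collected from several environments.
SAMPLE = ["langchain_core==0.3.80", "langgraph-checkpoint-sqlite==3.0.1",
          "langchain-core==1.2.10", "requests==2.32.3"]

if __name__ == "__main__":
    for pkg, ver, cve in audit(SAMPLE):
        print(f"{pkg} {ver}: missing fix for {cve}")
```

Because LangChain is often pulled in transitively, run it over the full resolved dependency list of each environment rather than only the top-level requirements file.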
A Wider Pattern of AI Framework Exploitation
The disclosure comes days after a separate critical flaw in Langflow (CVE-2026-33017, CVSS 9.3), an open-source platform related to LangChain, came under active exploitation within 20 hours of its advisory being published on March 17. Cloud security firm Sysdig observed attackers building working exploits directly from the advisory description, before any proof-of-concept code was publicly available, and quickly moving to exfiltrate credentials and deploy payloads. CISA added the Langflow vulnerability to its Known Exploited Vulnerabilities catalog on March 25.
Ripple Effects Across the AI Stack
The rapid exploitation timeline underscores the shrinking window organizations have to patch. Cyera warned that LangChain's position at the center of the AI development ecosystem amplifies the risk. "Hundreds of libraries wrap LangChain, extend it, or depend on it," the firm said. "When a vulnerability exists in LangChain's core, it ripples outward through every downstream library, every wrapper, every integration that inherits the vulnerable code path."
