All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Critical security flaws in LangGraph, Langflow, and LangChain expose 7,000+ servers to remote code execution

By

Louis Columbus

14d ago· 12 min readenNews

Summary

Check Point Research, Tenable, VulnCheck, and Cyera have discovered that three major AI agent frameworks — LangGraph, Langflow, and LangChain — contain critical security vulnerabilities (SQL injection and path traversal) that are being actively exploited in the wild. These flaws allow attackers to achieve remote code execution on servers holding sensitive credentials like OpenAI keys, database credentials, and CRM tokens. The vulnerabilities exist below the layer where most security tools monitor, making them particularly dangerous. An estimated 7,000+ servers are exposed.

Source

bskyCritical security flaws in LangGraph, Langflow, and LangChain expose 7,000+ servers to remote code executionventurebeat.com

Key quotes

· 4 pulled
Your AI agent did exactly what it was designed to do. The framework underneath it just handed an attacker a shell on the box that holds your OpenAI key, your database credentials, and your CRM tokens.
In a few months, three of the most widely deployed AI agent frameworks each turned a known, ordinary bug class into a way through.
Check Point Research chained a SQL injection in LangGraph's SQLite checkpointer to full remote code execution.
Tenable and VulnCheck tracked a path traversal in Langflow's file upload endpoint to active, in-the-wild RCE.
Snippet from the RSS feed
Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your security tools look.

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.