LangGraph, a widely used AI agent framework in the LangChain ecosystem, contains a chain of critical vulnerabilities that could let attackers seize control of AI servers, execute remote code, and access sensitive data across organizations.

An initial SQL injection flaw in a history retrieval function could be exploited with a second processing flaw to alter retrieved data and trigger remote code execution on the server.

The platform handles about 46.5 million downloads per month and automates tasks across customer service, document management, technical support, and other internal processes, amplifying the potential impact of a breach.

Not all LangGraph users were affected; risk mainly targeted self-hosted installations using certain storage engines, while cloud-managed deployments on PostgreSQL infrastructure were not impacted.

Three critical vulnerabilities were identified and fixed via security updates, affecting components that manage persistent storage (SQLite, Redis) and data deserialization; updated software versions include the fixes.

Potentially exposed data included API keys, conversation histories, corporate credentials, internal logs, and data linked through external integrations such as customer databases and CRM systems.

AI amplifies traditional risks by embedding common weaknesses (like SQL injection) within agent architectures that handle credentials and connect to multiple enterprise systems, increasing potential impact when exploited.