Bug 2497132 (CVE-2026-14742) - CVE-2026-14742 langgraph: Langgraph: Information Disclosure via Weak Hash in Task Result Cache
Summary: CVE-2026-14742 langgraph: Langgraph: Information Disclosure via Weak Hash in ...
Keywords:
Status: NEW
Alias: CVE-2026-14742
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-05 11:01 UTC by OSIDB Bzimport
Modified: 2026-07-07 14:28 UTC (History)
23 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-05 11:01:15 UTC
A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function _freeze of the file libs/langgraph/langgraph/_internal/_cache.py of the component Task Result Cache. This manipulation of the argument default_cache_key causes use of weak hash. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.


Note You need to log in before you can comment on or make changes to this bug.