Impact
The vulnerability resides in the LangGraph Python SDK, which builds HTTP request paths from caller‑supplied identifier values without sanitization. When an identifier contains characters that have special meaning in URL paths, the SDK can construct a path that points to a different resource or resource type than intended. Consequently an attacker can unintentionally access, modify, or delete resources outside the calling user's authorization scope. This flaw implicates CWE‑22 for path traversal and CWE‑863 for missing input validation.
Affected Systems
The affected products are the LangChain AI LangGraph Python SDK and related libraries from langchain‑ai. Versions 0.3.14 and earlier are impacted; the fix was released in version 0.3.15.
Risk and Exploitability
The CVSS score of 4.2 indicates a low severity, and the EPSS score of less than 1% suggests a very low but non‑zero chance of exploitation. The flaw is not listed in the CISA KEV catalog. Exploitation would require an attacker to supply or manipulate an identifier value that originates from an untrusted source, such as an end‑user input passed to the SDK. If the deployment relies on upstream URL‑prefix based authorization, the attack could bypass those controls by redirecting the request to an unintended resource.
OpenCVE Enrichment
Github GHSA