
Three patched vulnerabilities in LangGraph, including an SQL injection, can be chained for remote code execution on self-hosted deployments using SQLite or Redis checkpointers with user-controlled filter input. The attack requires exposing the get_state_history() endpoint. LangChain's managed platform is not affected.