Threat Advisory

Query Injection Vulnerability in Langgraph-checkpoint-redis Package Filtering

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Medium

EXECUTIVE SUMMARY:

CVE-2026-27022 (CVSS score 6.5) is a query injection vulnerability in the @langchain/langgraph-checkpoint-redis package, where improper escaping of user-supplied filter keys and values allows manipulation of RediSearch query logic. The flaw exists in the RedisSaver and ShallowRedisSaver components, which construct search queries by directly embedding filter parameters, so special RediSearch syntax characters are interpreted as operators rather than literal values. This weakness is most evident in the list functionality, where crafted input can introduce logical operators such as OR to alter query precedence and expand search results beyond intended boundaries. Applications that accept user-controlled filter input through APIs, especially those providing conversation history filtering, are exposed to exploitation.

The issue poses a notable risk in multi-tenant environments that use Redis checkpointing for thread-based data separation, because attackers can inject operators that bypass isolation controls and retrieve checkpoint data belonging to other threads. Successful exploitation enables unauthorized access to sensitive conversation state and checkpoint information by forcing queries to match records across all threads instead of a restricted context. The vulnerability impacts versions prior to the patched release. It is an access control bypass that requires only control over filter input values, making it a practical risk for deployments that rely on filtering features for data retrieval.
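
The escaping failure described in the summary, as an added example (not code from the package or from its patched release): a query builder that embeds filter keys and values directly, beside a hardened one. The `thread_id` and `source` field names, the helper names, and the assumption that filters map to RediSearch TAG fields are illustrative.

```javascript
// Added example: field names and helper names are hypothetical, and the
// filter fields are assumed to be indexed as RediSearch TAG fields.

// Backslash-escape every ASCII character that is not a letter, digit or
// underscore, so RediSearch reads it as literal text rather than syntax.
function escapeTagValue(value) {
  return String(value).replace(/[^\w\u0080-\uffff]/g, "\\$&");
}

// Filter keys become field names, which cannot be escaped safely:
// accept plain identifiers only and reject everything else.
function assertSafeKey(key) {
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) {
    throw new Error(`rejected filter key: ${JSON.stringify(key)}`);
  }
  return key;
}

// Pattern the advisory describes: keys and values embedded as-is.
function buildQueryUnsafe(threadId, filter) {
  const parts = [`@thread_id:{${threadId}}`];
  for (const [k, v] of Object.entries(filter)) parts.push(`@${k}:{${v}}`);
  return parts.join(" ");
}

// Hardened form: the thread scope is wrapped in its own parentheses and
// every user-supplied piece is validated or escaped before embedding.
function buildQuerySafe(threadId, filter) {
  const scope = `(@thread_id:{${escapeTagValue(threadId)}})`;
  const clauses = Object.entries(filter).map(
    ([k, v]) => `(@${assertSafeKey(k)}:{${escapeTagValue(v)}})`
  );
  return [scope, ...clauses].join(" ");
}

// Constructed sample input: a filter value containing RediSearch syntax characters.
const sample = { source: "a}|{b" };
console.log(buildQueryUnsafe("t-1", sample)); // braces and | reach the parser raw
console.log(buildQuerySafe("t-1", sample));   // same characters, backslash-escaped
```

Input handling of this kind at the API boundary complements the package upgrade and does not replace it.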

RECOMMENDATION:

We strongly recommend updating the @langchain/langgraph-checkpoint-redis package (npm) to version 1.0.2.

REFERENCES:

The following reports contain further technical details:

https://github.com/advisories/GHSA-5mx2-w598-339m
