CVE-2025-68664 – LangChain and LangGraph Security Update for Multiple Vulnerabilities
“AI orchestration layers become a direct attack path when critical flaws go unpatched.”
LangChain and LangGraph released updates addressing three vulnerabilities impacting application logic and execution flow within AI-driven systems. These frameworks are often deeply embedded in modern applications, meaning weaknesses can quickly translate into real system compromise.
CVE-2025-68664 has a CVSS score of 9.3, which is Critical severity. This issue carries the highest risk and has verified proof-of-concept code, increasing the likelihood of exploitation. CVE-2026-34070 has a CVSS score of 7.5, which is High severity. CVE-2025-67644 has a CVSS score of 7.3, which is High severity. Both high-severity issues introduce meaningful risk but currently have no confirmed exploitation.
The patch strengthens execution boundaries and input handling across the frameworks, reducing the risk of unauthorized actions and system manipulation through AI workflows.
Key Details
- Affected Product: Langchain Langchain Core
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-502