Vulnerability  ·  2026-07-06

LangGraph — Weak Hash in Task Result Cache Key Generation

VulnerabilityLow impactGlobalCVE-2026-14742
CVE-2026-14742 (CVSS 3.1 Low, published 2026-07-05) is a weak-hash weakness in LangGraph's task result caching component.
LangGraph is a widely-used agent-orchestration framework, but this specific bug is low severity and narrow (cache-key collision risk) rather than a direct code-execution or data-exposure path — kept as a precise catalogued CVE.
The _freeze function's default_cache_key argument uses a weak/non-cryptographic hash function, potentially enabling cache-key collisions or prediction in the Task Result Cache.
langchain-ai langgraph ≤ 1.2.4 (libs/langgraph/langgraph/_internal/_cache.py)
No fix version confirmed at disclosure; use a cryptographically strong hash for cache keys as a workaround.
NVD CVE-2026-14742
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →