Intel

AIKIDO-2026-555920

@langchain/langgraph-checkpoint is vulnerable to Prototype Pollution

Prototype Pollution Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Today

43

Medium Risk

This Affects:

JS@langchain/langgraph-checkpoint
0.0.1 - 1.0.2
Fixed in 1.0.3
Are you affected? Scan for Free

TL;DR

MemorySaver in @langchain/langgraph-checkpoint stores checkpoints and writes in nested plain objects keyed by caller-supplied identifiers such as thread_id, checkpoint_ns, checkpoint_id, and task_id. These identifiers are written into this.storage and this.writes without validating them against reserved property names. An attacker who controls one of these identifiers can supply a key such as __proto__, constructor, or prototype to walk into Object.prototype and inject properties onto it, affecting all objects in the process. The fix adds an assertSafeStorageKey guard at the entry points of put, putWrites, deleteThread, getTuple, and list that rejects reserved keys before they are used as storage keys.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application uses MemorySaver with untrusted values for thread_id, checkpoint_ns, checkpoint_id, or task_id.

Background info

@langchain/langgraph-checkpoint is vulnerable to Prototype Pollution in versions 0.0.1 - 1.0.2.

How to fix this

Upgrade the @langchain/langgraph-checkpoint library to the patch version.