CVE-2026-14742 Overview
CVE-2026-14742 affects langchain-ai/langgraph versions up to 1.2.4. The vulnerability resides in the _freeze function within libs/langgraph/langgraph/_internal/_cache.py, part of the Task Result Cache component. Manipulation of the default_cache_key argument causes the use of a weak hash algorithm [CWE-327]. The issue is exploitable remotely, though attack complexity is high and successful exploitation is described as difficult. A public disclosure exists, and a pull request to remediate the flaw awaits acceptance upstream.
Critical Impact
A remote attacker with low privileges can leverage the weak hashing behavior in the Task Result Cache to influence cache-key uniqueness, potentially causing collision-based cache confusion in LangGraph workflows.
Affected Products
- langchain-ai langgraph up to and including version 1.2.4
- Component: Task Result Cache (libs/langgraph/langgraph/_internal/_cache.py)
- Function: _freeze handling default_cache_key
Discovery Timeline
- 2026-07-05 - CVE-2026-14742 published to NVD
- 2026-07-06 - Last updated in NVD database
Technical Details for CVE-2026-14742
Vulnerability Analysis
LangGraph uses the _freeze helper to normalize task inputs so they can be transformed into a deterministic cache key. When default_cache_key is derived, the implementation relies on a cryptographically weak hash function to fingerprint frozen structures. Because the hash is not collision-resistant, distinct task inputs can produce the same cache key. An attacker who can influence task parameters submitted to a LangGraph workflow can craft inputs that collide with a legitimate cached entry and retrieve or overwrite the result associated with that key.
The attack must be delivered over the network and requires low privileges, but crafting a usable collision against the target's cache namespace makes exploitation difficult in practice. The EPSS estimate is 0.16%, consistent with the high complexity described by the reporter.
Root Cause
The root cause is the selection of a non-cryptographic or otherwise weak hash primitive inside _freeze for generating default_cache_key. Cache keys used to arbitrate stored task results should be built on collision-resistant primitives such as SHA-256. Using a weak hash violates the security assumption that unique inputs yield unique cache entries.
Attack Vector
Exploitation requires a remote actor with the ability to submit task inputs to a LangGraph workflow that uses the Task Result Cache. The attacker constructs inputs designed to collide with the cache key of a legitimate cached task, and then either observes the cached response for another user's input or poisons the cache entry so subsequent lookups return attacker-influenced data. See the GitHub Issue #8009 and GitHub Pull Request #8069 for technical discussion.
No verified public exploit code is available. The vulnerability mechanism is described in prose because no vetted proof-of-concept has been published in the referenced advisories.
Detection Methods for CVE-2026-14742
Indicators of Compromise
- Unexpected cache hits in LangGraph task execution logs where the input payloads differ from the originating cached request.
- Repeated task submissions from a single client that iterate over structurally similar payloads, consistent with collision search.
- Divergence between logged task inputs and returned task outputs for cached workflow steps.
Detection Strategies
- Instrument _freeze and cache lookup code paths to log both the raw input hash and the resulting default_cache_key, and alert on colliding inputs.
- Compare cache-key distribution over time; a sudden narrowing of the key space suggests collision attempts.
- Track LangGraph dependency versions in software composition analysis tooling and flag builds pinned to versions <= 1.2.4.
Monitoring Recommendations
- Enable verbose logging around task caching for multi-tenant LangGraph deployments and forward events to a centralized analytics platform.
- Monitor upstream activity on GitHub Pull Request #8069 to detect when a fixed release becomes available.
- Baseline normal cache hit ratios per workflow and alert on statistically significant deviations.
How to Mitigate CVE-2026-14742
Immediate Actions Required
- Inventory all applications and services that embed langchain-ai/langgraph at version 1.2.4 or earlier.
- Restrict who can submit tasks to LangGraph workflows to trusted, authenticated principals only.
- Disable or scope the Task Result Cache in multi-tenant deployments until a patched release is available.
Patch Information
No fixed release has been published at the time of NVD entry. Remediation is tracked in GitHub Pull Request #8069, which awaits acceptance. Consult the langchain-ai/langgraph repository for release notes and upgrade to the first version that merges the fix. Additional advisory context is available at VulDB CVE-2026-14742.
Workarounds
- Replace the weak hash in a local fork of _cache.py with a collision-resistant primitive such as hashlib.sha256 when building default_cache_key.
- Segment caches per tenant or per authenticated principal so that cache-key collisions cannot cross trust boundaries.
- Reduce cache lifetime, or disable caching entirely for workflows that process untrusted input, until the upstream patch is merged.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

