Three widely used AI agent frameworks, LangGraph, Langflow, and LangChain, have been found to contain security vulnerabilities. LangGraph has a SQL injection vulnerability; Langflow has a path traversal vulnerability that has already been exploited in the wild, with approximately 7,000 instances exposed on the internet; and LangChain-core has a path traversal vulnerability in its legacy prompt-loading API.
These vulnerabilities can be used to gain remote code execution and to access sensitive data, including database credentials and API keys. Patches are available, but many deployments remain unpatched and therefore open to attack.
Security experts warn that these vulnerabilities are governance failures as much as technical ones: many teams categorize AI agent frameworks as low-risk and do not prioritize their security. The consequences can be severe, including damage to business operations and reputation.



