LangGraph has NoSQL parameter injection in MongoDBSaver, allowing cross-tenant state access
A NoSQL injection vulnerability existed in MongoDBSaver where checkpoint identifier fields from config.configurable were used in MongoDB queries without strict type enforcement. In vulnerable versions, attacker-controlled object payloads (for example MongoDB operators like $gt and $ne) could be interpreted as query operators instead of literal identifier values. This could bypass intended thread scoping and return checkpoints from other tenants.
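The following is an added example, not LangGraph's own MongoDBSaver code, illustrating the pattern the advisory describes: a filter builder that copies `config.configurable` values straight into a MongoDB query beside a hardened builder that enforces string types. The identifier field names and the in-memory matcher are assumptions for illustration; the matcher only models equality and the `$eq`, `$ne` and `$gt` operators so the widening effect of an operator-valued filter can be seen without a database.

```python
"""Added example (hypothetical helper code, not LangGraph's MongoDBSaver):
strict type enforcement for checkpoint identifiers read from
config["configurable"] before they are placed in a MongoDB filter."""
from typing import Any

# Identifier fields a checkpoint saver scopes queries by (assumed names).
IDENTIFIER_FIELDS = ("thread_id", "checkpoint_ns", "checkpoint_id")


def build_filter_unsafe(configurable: dict[str, Any]) -> dict[str, Any]:
    """Vulnerable pattern: identifier values are copied into the filter as-is,
    so a dict such as {"$ne": ""} is interpreted as a query operator instead of
    a literal thread identifier."""
    return {k: configurable[k] for k in IDENTIFIER_FIELDS if k in configurable}


def build_filter_strict(configurable: dict[str, Any]) -> dict[str, Any]:
    """Hardened pattern: every identifier must be a plain str. Dicts, lists,
    numbers and None are rejected before any query is built, and the literal
    intent is made explicit with $eq."""
    filt: dict[str, Any] = {}
    for k in IDENTIFIER_FIELDS:
        if k not in configurable:
            continue
        v = configurable[k]
        if not isinstance(v, str):
            raise TypeError(f"{k} must be a str, got {type(v).__name__}")
        filt[k] = {"$eq": v}
    return filt


def _matches(doc: dict[str, Any], filt: dict[str, Any]) -> bool:
    """Tiny in-memory evaluator for literal equality plus $eq/$ne/$gt.
    This is an illustration of operator semantics, not a MongoDB implementation."""
    for field, cond in filt.items():
        actual = doc.get(field)
        if isinstance(cond, dict):
            for op, operand in cond.items():
                if op == "$eq":
                    ok = actual == operand
                elif op == "$ne":
                    ok = actual != operand
                elif op == "$gt":
                    ok = isinstance(actual, str) and actual > operand
                else:
                    raise ValueError(f"unsupported operator in example: {op}")
                if not ok:
                    return False
        elif actual != cond:
            return False
    return True


def find_checkpoints(checkpoints: list[dict[str, Any]],
                     filt: dict[str, Any]) -> list[dict[str, Any]]:
    """Return every checkpoint document the filter admits."""
    return [c for c in checkpoints if _matches(c, filt)]


# Constructed sample data: one checkpoint per tenant, same namespace and id.
CHECKPOINTS = [
    {"thread_id": "tenant-a", "checkpoint_ns": "", "checkpoint_id": "1", "state": "A"},
    {"thread_id": "tenant-b", "checkpoint_ns": "", "checkpoint_id": "1", "state": "B"},
]


def demo() -> tuple[int, int, bool]:
    """Compare the two builders on the same operator-valued input.
    Returns (rows admitted by the unsafe filter, rows admitted by a strict
    literal filter, whether the strict builder rejected the operator payload)."""
    operator_payload = {"thread_id": {"$ne": ""}}
    unsafe_rows = find_checkpoints(CHECKPOINTS, build_filter_unsafe(operator_payload))
    strict_rows = find_checkpoints(CHECKPOINTS, build_filter_strict({"thread_id": "tenant-a"}))
    try:
        build_filter_strict(operator_payload)
        rejected = False
    except TypeError:
        rejected = True
    return len(unsafe_rows), len(strict_rows), rejected


if __name__ == "__main__":
    print(demo())  # (2, 1, True)
```

The type check is the actual fix: once every identifier is guaranteed to be a `str`, no value can be parsed as an operator, and the `$eq` wrapper only documents that intent. The same check belongs on every field that flows from caller-supplied configuration into a query, not just `thread_id`.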