LangGraph checkpoint loading has unsafe msgpack deserialization
LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store (for example, after a database compromise or other privileged write access to the persistence layer), they can potentially supply a crafted payload that triggers unsafe object reconstruction when the checkpoint is loaded. This is a post-exploitation / defense-in-depth issue. Exploitation requires the ability to write attacker-controlled checkpoint …