LangGraph vulnerabilities open the door to full compromise of self-hosted AI agents! A dangerous chain that could turn AI memory into a weapon against you, threatening sensitive data and infrastructure. 🛡️ Recent security research from Check Point revealed a chain of three critical vulnerabilities that directly affect LangChain's open-source LangGraph framework. When exploited together, these vulnerabilities allow attackers to achieve remote code execution (RCE) and take complete control of AI agent applications that companies self-host, posing a very serious security threat. 🔹 CVE-2025-67644: A SQL injection vulnerability in the SQLite checkpoint that allows query manipulation. 🔸 CVE-2026-28277: A weakness in msgpack deserialization that can lead to reconstruction of a malicious object. ⚡ Impact: This vulnerability chain enables an attacker to turn access to checkpoint data into full code execution on the target server. 🚀 Exposure: Applies to self-hosted deployments using the SQLite or Redis checkpointer with user input. This disclosure highlights how classic web vulnerabilities can become more severe when applied to high-privilege AI agent environments, requiring urgent updates and strict security measures to protect systems. What are the most effective strategies for ensuring the security of AI agents in today's complex operating environments? Share your opinion 👇 #Glitch4Techs 🔗 Read the full article:
1
69
TRC analysis shows attackers chained SQL injection with unsafe msgpack deserialization in LangGraph to achieve remote code execution on AI agent infrastructure. The attack demonstrates how compromised AI frameworks can enable lateral movement across self-hosted environments. #ZeroDay #CloudSecurity 🔗 Full breakdown: aviatrix.ai/threat-research-…
16
Three patched LangGraph flaws include an RCE chain: SQL injection in the SQLite checkpointer (CVE-2025-67644) chains with msgpack deserialization (CVE-2026-28277) to execute code. Managed LangSmith unaffected. Update: langgraph 1.0.10, checkpoint-sqlite 3.0.1.
60
Check Point Research uncovers critical vulnerabilities in LangGraph's persistence layer allowing SQL injection to chain into remote code execution. Three CVEs impact 50M monthly downloads of the popular AI agent framework.

Key technical details:
• CVE-2025-67644: SQL injection in SQLite checkpointer via unsanitized filter keys in get_state_history() function
• CVE-2026-28277: Unsafe msgpack deserialization enables RCE through custom extension handler calling importlib.import_module()
• CVE-2026-27022: Same injection class affects Redis checkpointer implementation
• Attack chain: Malicious filter parameter → UNION SELECT injection → fake checkpoint row → msgpack deserialization → os.system() execution

Exploitation requirements:
• Self-hosted LangGraph with SQLite/Redis checkpointer
• Application exposes get_state_history() with user-controlled filter parameter
• LangSmith managed cloud service uses PostgreSQL and is not vulnerable

Impact covers teams running stateful AI agents with exposed state history endpoints. All issues patched - update to langgraph-checkpoint-sqlite 3.0.1, langgraph 1.0.10, and langgraph-checkpoint-redis 1.0.2. Hunt for applications calling get_state_history() with external input and audit msgpack deserialization in AI frameworks. #DFIR_Radar
1
182
Replying to @grok
Complete Patent Filing & Licensing Package
Inventor: Joshua L. Lopez, DCGP.AI
USPTO Customer No.: 226575
Classification: Computer Architecture / Distributed Systems / State Management
Status: PROPRIETARY — Ready for US Patent Filing
Document Date: May 31, 2026

PART 1: FORMAL PATENT CLAIM LANGUAGE

PATENT TITLE
“Deterministic Lossless State Reconstruction via Echo Operator and Character Vessel Protocol: Method, System, and Architecture for Cross-Platform Governing Invariant Recovery”

FIELD OF THE INVENTION
This invention relates to distributed systems architecture, specifically to methods and systems for transmitting, reconstructing, and managing governing state across heterogeneous devices and infrastructure via character-compressed vessels and deterministic echo operators.

BACKGROUND
Prior art in distributed state management relies on either:
1. Static data serialization (JSON, Protocol Buffers, msgpack) — bulky, device-dependent, inflexible
2. Stream-based reconstruction — latency-heavy, infrastructure-dependent
3. Consensus protocols (Raft, PBFT) — byzantine-fault-tolerant but computationally expensive and unsuitable for low-bandwidth scenarios

None of these provide:
Field-deterministic reconstruction (identical input → identical output invariants, deterministically)
Medium-agnostic transmission (SMS, RCS, QR, iMessage, print)
Lossless recovery with character-level compression (5-10x payload reduction)
Device-independent execution (any platform capable of character I/O can recover state)

CLAIMS

INDEPENDENT CLAIMS
Claim 1 (Broadest Scope — Echo Operator Method)
A method for deterministic, lossless reconstruction of governing invariants from character-level signals, comprising:
(a) receiving a minimal character-encoded signal (NAME cell) representing compressed governing parameters;

1
32
You have Claude Fable for only a few days. Here's how to make the most of it. Introducing SocialBridge SKILL.md: use your most capable model to sync game chat to Discord. Studies our protocol, WS auth, MsgPack, reconnects, events, and writes integration code any agent can run
1
1
33
RX1|D=b85 zstd msgpack|S=saleslog.v1|K=R25|P=6#L4@A1J!P9s$QwK}p9Xc!4R@zM2#Qf8aL0PzV7nTqH3bN$eW1sYx6_uC 9GmA5rD%kL2jF8vB0tZp4QqN7hR3yU6cX@aMテスト
1
83
i feel like i'm taking crazy pills. why do AGVs need to send JSON. WHY. these things use ladder logic PLCs, they have hard realtime budgets, WHY are you making them output and ingest JSON. forget protobufs/flatbuffers, why not at least let them negotiate to msgpack. whyyyyyyyyyyy
3
120
LazyLayers distributed tiered cache. It's a distributed caching framework designed to speed up read heavy, per-user API routes by lowering the number of database requests, cache invalidation, and reducing thundering herd traffic. It uses a tiered cache structure with an in-memory L1 LRU cache and a Redis L2 cache. It handles cache synchronization across instances with pub/sub invalidation over Redis, RabbitMQ, or NATS, lazy loading, inflight requests deduping, pattern invalidation, and intelligent serialization. On benchmarks, it sped up one API route from approximately 57 RPS to 11.4K RPS. For a 1MB nested listing, msgpack gzip reduced redis storage from 1032 KB to 67.57 KB, yielding ~15x less network transfer with a ~10ms upfront cost on write: Project: amon20044.github.io/LazyLaye… npm: npmjs.com/package/lazy-layer…
3
191
Has humanity started to catch on to using msgpack?
2
263
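By the way, communication with tsgo goes through corsa-bind, which is a library that provides a Rust binding for the tsgo API plus multi-process orchestration (and also ports the Rust-written binding to TS via napi-rs) (made by ubugeeei). For the protocol you can choose between msgpack and JSON-RPC, and the default is the former.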
1
5
13
2,100
No SDK here, hand-rolled msgpack EIP-712. Yours looks clean though, glad someone's making it easier for new builders to get set up!
3
47
@HyperliquidX HIP-4 is fully wired: • L2 books, OHLCV, trades • balances, positions, fills, open orders • EIP-712 phantom agent signing (msgpack keccak256) binary outcome contracts settling in USDH on the same matching engine as their perps.
1
3
170
In his latest research, @_xpn_ tears apart VS Code Dev Tunnels and finds a C2 framework underneath — REST → WebSocket → SSH → MsgPack RPC, remote exec, file ops. Find the Ouroboros tool and protocol breakdown at the link! 👇 ghst.ly/4mZ4arb
56
161
9,037
I'm now leaning towards msgpack for JSON-like payloads rather than protobuf. The schema plumbing is too heavy.
6
773
Every component in model-based robotics control adds latency. Real-time inference makes closed-loop dextrous manipulation feasible. We built openpi-flash to run π0.5 with real-time inference. Our flash-transport rewrites three layers of the transport stack:
- python -> rust (safety and parallelism)
- websocket -> quic (reliability over unstable networks)
- msgpack -> arrow (zero-copy tensor serialization)
7
6
71
4,819
Replying to @59692434
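I can encode and decode generic objects into Redis objects, msgpack, and JSON at the same time, and of course compare correctness and performance against those libraries. "Incremental" means that, for the encoded object data, you do not receive one complete JSON document all at once and then decode it; instead you keep receiving fragmented JSON, sometimes less than one object and sometimes spanning several objects. Redis works this way, and that is when incremental parsing is needed.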
2
637