LangChain flaw exposes agent secrets via serialization injection
On December 23, 2025, LangChain published a security advisory and assigned CVE-2025-68664 to a critical serialization-injection flaw in langchain-core’s dumps/loads APIs. Reported widely as “LangGrinch,” the flaw allows crafted serialized payloads returned to an agent to cause secret exfiltration when the library deserializes user-controlled data (GitHub advisory; Cyata Security).
The issue arises from unsafe handling of serialized objects in langchain-core’s dumps/loads paths, which lets attackers inject malicious objects during deserialization. The attack chain often begins with prompt manipulation that causes an agent to produce or load crafted serialized content; if exploited, loading those objects can lead to remote code execution (RCE) on the host running the agent (SiliconANGLE; The Hacker News).
LangChain’s advisory lists the primary mitigations: stop loading untrusted serialized data, apply vendor patches or updated releases, and rotate any exposed credentials. Organizations should inventory langchain-core usage, block public uploads of serialized artifacts, and treat agent-facing inputs as untrusted until patched (GitHub advisory; The Hacker News).
Why It Matters
- Deserializing agent-generated or user-supplied objects can expose API keys, tokens, and other secrets from running systems.
- Deserialization-based RCE can escalate a data leak into full host compromise—treat this as a high-priority incident response item.
- Immediately patch or remove unsafe dumps/loads usage and rotate any credentials that may have been exposed before fixes were applied.
- Harden agent I/O: block or validate serialized uploads, sandbox deserialization where possible, and restrict agent permissions to limit blast radius.
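One way to put the "validate serialized inputs" mitigation into practice is a pre-load gate that refuses any untrusted JSON carrying serialization markers before it ever reaches `loads`. The checker below is an added example, not code from LangChain or the advisory; it assumes langchain-core's documented JSON tagging convention (objects marked with an `lc` key plus a `type` field), and the sample payloads are constructed for the test.

```python
import json
from typing import Any

# Key names assumed from langchain-core's documented dumps/loads output:
# serialized objects are dicts tagged with "lc" and "type". Adjust the
# constants if your pinned version uses different markers.
LC_MARKER = "lc"
FLAGGED_TYPES = {"secret", "constructor"}

def find_tagged_objects(node: Any, path: str = "$") -> list[tuple[str, str]]:
    """Walk a decoded JSON document and return (json_path, type) for every
    dict carrying serialization markers, however deeply it is nested."""
    hits: list[tuple[str, str]] = []
    if isinstance(node, dict):
        if LC_MARKER in node and isinstance(node.get("type"), str):
            hits.append((path, node["type"]))
        for key, value in node.items():
            hits.extend(find_tagged_objects(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_tagged_objects(value, f"{path}[{i}]"))
    return hits

def is_safe_to_load(raw: str) -> tuple[bool, list[str]]:
    """Gate for untrusted input: reject the blob if any nested object would
    be interpreted as a secret reference or class constructor on load.
    Returns (accepted, reasons)."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return False, [f"not valid JSON: {exc.msg}"]
    reasons = [f"{p}: tagged object of type {t!r}"
               for p, t in find_tagged_objects(doc) if t in FLAGGED_TYPES]
    return (not reasons), reasons

# Constructed sample inputs (not from the advisory): a benign chat payload,
# and one where a nested tool result smuggles a secret-reference marker
# under a placeholder environment-variable name.
BENIGN = json.dumps({"messages": [{"role": "user", "content": "hello"}]})
TAINTED = json.dumps({"messages": [{"role": "tool", "content":
          {"lc": 1, "type": "secret", "id": ["PLACEHOLDER_API_KEY"]}}]})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("tainted", TAINTED)):
        accepted, why = is_safe_to_load(blob)
        print(label, "ACCEPT" if accepted else "REJECT", why)
```

Run the gate on every serialized artifact that originates from users, tools or model output, and log rejections so they feed your detection pipeline.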
Trust & Verification
Sources
- GitHub (langchain-ai/langchain security advisories), official source, Dec 23, 2025
- Cyata Security, official source, Dec 25, 2025
- SiliconANGLE, tier-1 source, Dec 25, 2025
- The Hacker News, tier-1 source, Dec 26, 2025
Fact Checks
- CVE-2025-68664 (LangGrinch) was disclosed by LangChain on 2025-12-23 (VERIFIED)
- The vulnerability allows attackers to exfiltrate secrets via langchain-core dumps/loads serialization APIs (VERIFIED)
- Loading crafted serialized objects can lead to remote code execution (RCE) (VERIFIED)
- Attack chains often begin with prompt manipulation (prompt injection) that causes agents to produce or load malicious serialized content (VERIFIED)