Three chained vulnerabilities in LangGraph’s state persistence layer allow an unauthenticated attacker with network access to the get_state_history() endpoint to achieve arbitrary code execution on self-hosted deployments via SQL injection and unsafe deserialization. Patched versions are available for all three affected packages; the LangSmith managed platform is unaffected. Organizations running self-hosted LangGraph with internet-exposed state endpoints should patch immediately: the EPSS score is low, but the attack requires only one crafted request if the endpoint is reachable.
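
The two controls that break a SQL-injection-to-deserialization chain of this kind, as an added example that is not LangGraph's code or schema: the table layout, column names and function names below are assumptions. Filter keys are allow-listed and values are bound as parameters, and stored blobs are decoded only as JSON, so a flaw in the query alone never reaches a code-executing loader.

```python
import json
import sqlite3

# Assumed toy schema (not LangGraph's): one row per checkpoint.
SCHEMA = """CREATE TABLE checkpoints (
    thread_id TEXT, step INTEGER, source TEXT, type TEXT, blob BLOB)"""

# Column names cannot be bound as parameters, so filter keys are allow-listed.
FILTERABLE = {"step": "step", "source": "source"}


def state_history(conn, thread_id, filters=None, limit=10):
    """Return decoded checkpoints for a thread, newest first."""
    clauses, params = ["thread_id = ?"], [thread_id]
    for key, value in (filters or {}).items():
        if key not in FILTERABLE:
            raise ValueError(f"unsupported filter key: {key!r}")
        if not isinstance(value, (str, int)):
            raise ValueError("filter values must be str or int")
        clauses.append(f"{FILTERABLE[key]} = ?")
        params.append(value)
    sql = ("SELECT step, type, blob FROM checkpoints WHERE "
           + " AND ".join(clauses) + " ORDER BY step DESC LIMIT ?")
    rows = conn.execute(sql, params + [int(limit)]).fetchall()
    return [(step, decode(type_tag, blob)) for step, type_tag, blob in rows]


def decode(type_tag, blob):
    """Decode a stored value; only a data-only format is accepted."""
    if type_tag != "json":
        # Never hand a database-supplied blob to pickle or similar loaders.
        raise ValueError(f"refusing to decode type {type_tag!r}")
    return json.loads(blob)


def demo_store():
    """Constructed sample data: two JSON rows and one row tagged 'pickle'."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO checkpoints VALUES (?, ?, ?, ?, ?)", [
        ("t1", 1, "input", "json", b'{"messages": ["hi"]}'),
        ("t1", 2, "loop", "json", b'{"messages": ["hi", "hello"]}'),
        ("t2", 1, "input", "pickle", b"\x80\x04N."),
    ])
    return conn
```

Either control alone leaves the other link of the chain intact, which is why the sketch applies both on the read path.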