{question}
Has SingleStore been affected by the recent LangGrinch vulnerability (CVE-2025-68664)?
{question}
{answer}
LangGrinch, disclosed in December 2025, is a critical vulnerability (CVSS 9.3) in LangChain-core, a library widely used for building AI and LLM-based applications. It allows attackers to inject malicious serialized data through LangChain’s dumps() and dumpd() functions by exploiting a reserved internal key.
SingleStore does leverage LangChain as part of some of its Helios AI features. We’ve taken steps to immediately patch the affected software to prevent any type of exploitation in the future.
- If you’re a SingleStore Helios customer, no action is expected from you even if you are using our Helios AI features as patching has been performed already;
- If you’re running SingleStore self-managed, no action is expected from you since this bulletin is meant solely to SingleStore Helios customers.
We are continuing to release patches for some of our publicly available extensions and integrations for SingleStore. These updates do not affect the core products, which remains fully supported and secure.
{answer}