langchain-ai
AI / MLoss-project
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting langchain-ai.
- CVE-2026-55443LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders5.1
- CVE-2026-48776LangGraph SDK has unsafe URL path construction4.2
- CVE-2026-48775LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading6.8
- CVE-2026-45134LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning7.1
- CVE-2026-44843LangChain: Unsafe deserialization of attacker-controlled LangChain objects through overly broad `load()` allowlists8.2
- CVE-2026-41488angchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding3.1
- CVE-2026-41481LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass6.5
- CVE-2026-41182LangSmith SDK: Streaming token events bypass output redaction5.3
- CVE-2026-40190LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`5.6
- CVE-2026-40087LangChain has incomplete f-string validation in prompt templates5.3
- CVE-2026-34070LangChain Core has Path Traversal vulnerabilites in legacy `load_prompt` functions7.5
- CVE-2026-28277LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading6.8
- CVE-2026-27795LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader4.1
- CVE-2026-27794LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution6.6
- CVE-2026-27022RediSearch Query Injection in @langchain/langgraph-checkpoint-redis6.5