EUVD-2026-38332

🗓️ 22 Jun 2026 17:21:46Reported by EUVDType

LangChain before 1.3.9 had path confinement flaws exposing files outside the root; fixed in 1.3.9.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-55443	22 Jun 202617:21	–	attackerkb
CVE	CVE-2026-55443	22 Jun 202617:21	–	cve
Cvelist	CVE-2026-55443 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders	22 Jun 202617:21	–	cvelist
NVD	CVE-2026-55443	22 Jun 202619:17	–	nvd
Positive Technologies	PT-2026-51373	22 Jun 202600:00	–	ptsecurity
Snyk	Symlink Attack	16 Jun 202615:03	–	snyk
Snyk	Symlink Attack	16 Jun 202615:03	–	snyk
Vulnrichment	CVE-2026-55443 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders	22 Jun 202617:21	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "fdfa495e-7752-33b8-ab63-84fa7ceddf3d",
        "vendor": {
          "name": "langchain-ai"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "a4aa8d75-076c-3e80-829e-255b6b4c1537",
        "product": {
          "name": "langchain-anthropic",
          "vendor": {
            "name": "langchain-ai"
          }
        },
        "product_version": "< 1.4.6"
      },
      {
        "id": "e5c7df9c-9333-3df1-84ea-349b01457629",
        "product": {
          "name": "langchain",
          "vendor": {
            "name": "langchain-ai"
          }
        },
        "product_version": "< 1.3.9"
      }
    ]
  }
]

Source	Link
github	www.github.com/langchain-ai/langchain/security/advisories/GHSA-gr75-jv2w-4656
github	www.github.com/langchain-ai/langchain/commit/dcaf7795a3e6590af55c3ff7bda6add6355e9ea6

22 Jun 2026 19:52Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.15.1

SSVC