Lucene search
+L

LangChain < 1.3.9 Path Traversal (CVE-2026-55443)

🗓️ 25 Jun 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 11 Views

LangChain before 1.3.9 suffers path traversal (CVE-2026-55443) exposing files outside the root.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(322754);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/29");

  script_cve_id("CVE-2026-55443");

  script_name(english:"LangChain < 1.3.9 Path Traversal (CVE-2026-55443)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a path traversal vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of LangChain installed on the remote host is prior to 1.3.9. It is, therefore,
affected by a path traversal vulnerability:

  - Several LangChain components that resolve filesystem paths or expand search patterns do not
    consistently confine the resolved path to the intended root directory. Affected behaviors
    include a file-search agent middleware that validates a starting directory but not the search
    pattern or resolved target of matched files, prompt and chain/agent-configuration loaders that
    accept path fields and resolve them without confining the result to a trusted base, and
    path-prefix authorization checks that compare by string prefix without a path-segment boundary.
    When these components receive path values influenced by an untrusted source, the result can be
    disclosure of files outside the intended boundary. (CVE-2026-55443)

Note that Nessus has not tested for this issue but has instead relied only on the application's
self-reported version number.");
  # https://github.com/langchain-ai/langchain/security/advisories/GHSA-gr75-jv2w-4656
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7695fc88");
  script_set_attribute(attribute:"solution", value:
"Upgrade to LangChain version 1.3.9 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-55443");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:langchain-ai:langchain");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Artificial Intelligence");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("python_langchain_detect.nbin");
  script_require_keys("installed_sw/LangChain");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'LangChain', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '1.3.9'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_WARNING);
vdf::handle_check_and_report_errors(vdf_result:result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

29 Jun 2026 00:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.15.1 - 5.5
EPSS0.00157
SSVC
11