3 matches found
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a template injection vulnerability in LangChain [CVE-2025-65106]
Summary: IBM Watson Speech Services Cartridge is vulnerable to a template injection vulnerability in LangChain, due to a defect in LangChain's prompt template system that allows attackers to access Python object internals through template syntax (CVE-2025-65106). LangChain is used in our...
CVE-2025-65106
A template-injection vulnerability in LangChain's prompt template system allowed untrusted template strings to access Python object internals through attribute traversal and indexing. By crafting malicious template expressions, an attacker could read sensitive properties (e.g., __class__, __globals__) from...
CVE-2025-65106 LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This...