3 matches found
agent-builder (>=0.0.2 <=0.1.7), agent-memory-layer (>=0.1.0 <=0.1.1) +62 more potentially affected by CVE-2026-26013 via langchain-openai (>=1.0.0 <=1.1.7)
langchain-openai PYPI version =1.0.0, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =3.0.3, =0.0.48, =0.0.54, =0.1.2, =0.1.0, =0.1.0, =0.9.0 and more Source cves: CVE-2026-26013 Source advisory: SNYK:PYTHON-LANGCHAINOPENAI-15263095...
CVE-2026-26013 LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.getnumtokensfrommessages method fetches arbitrary imageurl values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Reque...
CVE-2026-26013 LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.getnumtokensfrommessages method fetches arbitrary imageurl values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Reque...