CVE-2026-55443 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

CVE-2026-55443

CVE-2026-55443 describes a path traversal / sandbox-escape flaw in LangChain prior to 1.3.9. The vulnerability arises when components that resolve filesystem paths or expand search patterns fail to confine results to a trusted root, allowing untrusted inputs (paths, globs, symlinks, or LLM-influe...

Symlink Attack

Overview langchain is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Symlink Attack via the file-search middleware and loaders that resolve filesystem paths and search patterns without confining the resolved path to the intended root...

GHSA-GR75-JV2W-4656 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders

Summary Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search agent middleware that validates a starting directory but not the search pattern or t...

Bugsink 安全漏洞

Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Versions of Bugsink prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the source mapping and debugging file searching mechanisms, which did not limit the scope of the projects. A...

CVE-2026-26098

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...

CVE-2026-26098

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...

CVE-2026-26097 Uncontrolled Search Path Element in Owl opds

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...

CVE-2026-26097

Owl opds 2.2.0.4 is affected by CVE-2026-26097, which concerns an Uncontrolled Search Path Element that can leverage/manipulate configuration file search paths via a crafted network request. The CVSS metrics indicate a HIGH impact across confidentiality, integrity, and availability, with a LOCAL ...

CVE-2025-15585

Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration...

CVE-2025-15585

Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration...

CVE-2025-15585

Fileflows CVE-2025-15585 affects Fileflows versions before 25.05.2. An authenticated SQL injection flaw exists in the library-file search function when using MySQL as the backend database. Successful exploitation could lead to privilege escalation or data exfiltration. No exploitation details are...

CVE-2025-69220

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to t...

CVE-2025-23867

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in markcoker WordPress File Search wpfilesearch allows Reflected XSS.This issue affects WordPress File Search: from n/a through = 1.2...

CVE-2025-69220

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to t...

EUVD-2025-206261

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to t...

CVE-2025-69220 LibreChat has Insufficient Access Control for Agent Files

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to t...

CVE-2025-69220

LibreChat (version 0.8.1-rc2) is vulnerable to insufficient access control for file uploads in an agent’s file context and file search. An authenticated attacker who knows an agent ID can modify the behavior of arbitrary agents by uploading files, even without permissions for that agent. The issu...

CVE-2025-69220 LibreChat has Insufficient Access Control for Agent Files

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to t...

Modern Shop - PHP eCommerce Platform 代码注入漏洞

Modern Shop - PHP eCommerce Platform is an online shopping mall website by ABHIRAM B Individual Developer. A code injection vulnerability exists in Modern Shop - PHP eCommerce Platform version 20250922, which stems from an incorrect manipulation of the parameter q in file/search and could lead to...