Lucene search
K

884 matches found

CVE
CVE
added 3 days ago13 views

CVE-2026-14742

The CVE affects langchain-ai langgraph up to 1.2.4. The vulnerability lies in the function _freeze in libs/langgraph/langgraph/_internal/_cache.py (Task Result Cache). Manipulating the argument default_cache_key causes use of a weak hash, enabling a possible remote attack. Exploitation is describ...

3.1CVSS5AI score0.0016EPSS
Exploits0References7
Cvelist
Cvelist
added 3 days ago39 views

CVE-2026-14742 langchain-ai langgraph Task Result Cache _cache.py _freeze weak hash

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS0.0016EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-372 Langchain SQL Injection vulnerability

In Langchain before 0.0.247, prompt injection allows execution of arbitrary code against the SQL service provided by the chain...

9.8CVSS6.2AI score
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-374 LangChain Experimental Eval Injection vulnerability

langchainexperimental aka LangChain Experimental 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify which uses eval in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 2023-10-05...

9.8CVSS6.1AI score0.01387EPSS
Exploits1References7
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-375 LangChain Experimental vulnerable to arbitrary code execution

langchainexperimental aka LangChain Experimental before 0.0.52, part of LangChain before 0.1.8, allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not...

9.8CVSS7.7AI score0.00766EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.10 views

LangChain < 1.3.9 Path Traversal (CVE-2026-55443)

The version of LangChain installed on the remote host is prior to 1.3.9. It is, therefore, affected by a path traversal vulnerability: - Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root director...

5.5CVSS5.9AI score0.00157EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/24 3:37 p.m.5 views

CVE-2026-12866

A flaw was found in expr-eval. A remote attacker can exploit this vulnerability by supplying crafted expressions to the toJSFunction API. These expressions are then compiled into native code using new Function, allowing the attacker to execute arbitrary JavaScript code. This can lead to arbitrary...

9.8CVSS6.6AI score0.00454EPSS
Exploits0References6
NVD
NVD
added 2026/06/22 7:17 p.m.10 views

CVE-2026-55443

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.5CVSS0.00157EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 5:21 p.m.7 views

EUVD-2026-38332

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.1CVSS5.9AI score0.00157EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 5:21 p.m.40 views

CVE-2026-55443 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.1CVSS0.00157EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 5:21 p.m.14 views

CVE-2026-55443

CVE-2026-55443 describes a path traversal / sandbox-escape flaw in LangChain prior to 1.3.9. The vulnerability arises when components that resolve filesystem paths or expand search patterns fail to confine results to a trusted root, allowing untrusted inputs (paths, globs, symlinks, or LLM-influe...

5.5CVSS5.9AI score0.00157EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51373

Name of the Vulnerable Software and Affected Versions LangChain versions prior to 1.3.9 Description Several components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. This occurs in a file-search agent middlewar...

5.5CVSS5.8AI score0.00157EPSS
Exploits0References4
OSV
OSV
added 2026/06/16 3:3 p.m.17 views

GHSA-GR75-JV2W-4656 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders

Summary Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search agent middleware that validates a starting directory but not the search pattern or t...

5.1CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 3:3 p.m.10 views

Symlink Attack

Overview langchain is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Symlink Attack via the file-search middleware and loaders that resolve filesystem paths and search patterns without confining the resolved path to the intended root...

6.9CVSS5.9AI score0.00157EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 6:5 a.m.3 views

ROOT-APP-NPM-CVE-2026-27795 CVE-2026-27795 in @rootio/langchain__community - Patched by Root

Root has patched CVE-2026-27795 in the @rootio/langchaincommunity package for Root:npm. Multiple fixed versions available...

4.1CVSS5.8AI score0.00206EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.13 views

Malicious code in langchain-core-mcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd42d83950d8d8fc559905eed104af38cd6c8aef683b96778f0b8d778dd6bd5a Package langchain-core-mcp impersonates the legitimate langchain-core publisher: METADATA sets Project-URL Repository to...

5.7AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.11 views

CVE-2026-7846

A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to...

2.6CVSS4.3AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.11 views

CVE-2026-44843

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load with...

8.2CVSS5.7AI score0.00406EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-30617

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When...

8.6CVSS6.8AI score0.00472EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 1:44 p.m.2 views

ROOT-APP-NPM-CVE-2026-26019 CVE-2026-26019 in @rootio/langchain__community - Patched by Root

Root has patched CVE-2026-26019 in the @rootio/langchaincommunity package for Root:npm. Multiple fixed versions available...

4.1CVSS7.5AI score0.00371EPSS
Exploits0
Rows per page
Query Builder