
7 matches found

CNNVD
added 2026/04/09 12:0 a.m., 5 views

LangChain security vulnerability

LangChain is an open-source framework developed by LangChain for creating applications powered by large language models (LLMs). Versions of LangChain prior to 0.3.84 and 1.2.28 contained security vulnerabilities. These vulnerabilities stemmed from incomplete validation of f-string template fields,...

5.3 CVSS | 5.8 AI score | 0.00262 EPSS
Exploits: 0 | References: 7
ATTACKERKB
added 2026/03/31 2:1 a.m., 2 views

CVE-2026-34070

LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an...

7.5 CVSS | 5.9 AI score | 0.01073 EPSS
Exploits: 2 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/02/11 9:11 p.m., 3 views

CVE-2026-26019 @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation

LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option (enabled by default) is intended to restrict crawling to the same site...

4.1 CVSS | 5.4 AI score | 0.00371 EPSS
Exploits: 0 | References: 4
Cvelist
added 2025/12/23 10:56 p.m., 29 views

CVE-2025-68665 LangChain serialization injection vulnerability enables secret extraction

LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON method and subsequently when string-ifying objects using...

8.6 CVSS | 0.00746 EPSS
Exploits: 0 | References: 4
BDU FSTEC
added 2025/07/28 12:0 a.m., 8 views

The vulnerability of the framework for creating applications based on the combination of language models (LLMs) like LangChain arises from insufficient validation of requests at the server-side level. This allows attackers to execute an SSRF attack.

The vulnerability of the framework for creating applications based on the combination of language models (LLMs) like LangChain is related to insufficient validation of requests at the server-side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...

9 CVSS | 7.5 AI score | 0.14059 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
BDU FSTEC
added 2025/02/12 12:0 a.m., 5 views

The vulnerability of the numexpr library in the framework for creating applications based on the combination of language models like LangChain allows attackers to execute arbitrary code.

The vulnerability of the numexpr library used by the LangChain model-based application framework is related to improper code generation control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10 CVSS | 8.1 AI score | 0.01322 EPSS
Exploits: 1 | References: 3 | Affected Software: 2
BDU FSTEC
added 2023/08/08 12:0 a.m., 2 views

The vulnerability of the framework for creating applications based on the combination of language models (LLMs) like LangChain arises from the lack of protective measures for SQL query structures. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the framework for creating applications based on the combination of language models (LLMs) like LangChain relates to the lack of measures taken to protect SQL query structures. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized...

7.5 CVSS | 7.3 AI score | 0.00905 EPSS
Exploits: 1 | References: 3 | Affected Software: 1