Lucene search
K

888 matches found

OSV
OSV
added 2026/04/24 9:16 p.m.8 views

PYSEC-2026-76

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's urltosize helper used by getnumtokensfrommessages for image token counting validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS...

3.1CVSS5.8AI score0.00158EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 9:16 p.m.6 views

PYSEC-2026-77

LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because...

6.5CVSS5.8AI score0.0026EPSS
Exploits0References1
PyPA
PyPA
added 2026/04/24 9:16 p.m.16 views

PYSEC-2026-76

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's urltosize helper used by getnumtokensfrommessages for image token counting validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS...

3.1CVSS5.8AI score0.00158EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2026/04/24 9:16 p.m.14 views

PYSEC-2026-77

LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because...

6.5CVSS5.8AI score0.0026EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/24 9:16 p.m.14 views

CVE-2026-41481

LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because...

6.5CVSS0.0026EPSS
Exploits0References4
NVD
NVD
added 2026/04/24 9:16 p.m.12 views

CVE-2026-41488

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's urltosize helper used by getnumtokensfrommessages for image token counting validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS...

3.1CVSS0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 8:57 p.m.35 views

CVE-2026-41488 angchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's urltosize helper used by getnumtokensfrommessages for image token counting validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS...

3.1CVSS0.00158EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 8:57 p.m.6 views

EUVD-2026-25635

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's urltosize helper used by getnumtokensfrommessages for image token counting validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS...

3.1CVSS5.2AI score0.00158EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/24 8:57 p.m.2 views

CVE-2026-41488 angchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's urltosize helper used by getnumtokensfrommessages for image token counting validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS...

3.1CVSS5.2AI score0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/04/24 8:57 p.m.41 views

CVE-2026-41488

CVE-2026-41488 affects the langchain-openai component prior to version 1.1.14. The issue stems from the _url_to_size() helper (used by get_num_tokens_from_messages for image token counting): it validates URLs to provide SSRF protection, then fetches them in a separate network operation with an in...

3.1CVSS5.2AI score0.00158EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/04/24 8:54 p.m.24 views

CVE-2026-41481

CVE-2026-41481 affects LangChain’s HTMLHeaderTextSplitter.split_text_from_url() prior to 1.1.2. The code validates the initial URL with validate_safe_url(), but then fetches with requests.get() (redirects enabled by default) and does not revalidate redirects, allowing a URL to attacker-controlled...

6.5CVSS5.4AI score0.0026EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/24 8:54 p.m.31 views

CVE-2026-41481 LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because...

6.5CVSS0.0026EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/24 8:54 p.m.4 views

CVE-2026-41481 LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because...

6.5CVSS5.3AI score0.0026EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 8:54 p.m.9 views

EUVD-2026-25634

LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because...

6.5CVSS5.4AI score0.0026EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 8:54 p.m.8 views

CVE-2026-41481

LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because...

6.5CVSS5.4AI score0.0026EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.12 views

LangChain 代码问题漏洞

LangChain is an open-source framework developed by LangChain for creating applications powered by large language models LLMs. Versions of LangChain prior to 1.1.14 contained code vulnerabilities. These vulnerabilities stemmed from the urltosize helper function in langchain-openai, which, after...

3.1CVSS5.8AI score0.00158EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

langchain-text-splitters 代码问题漏洞

langchain-text-splitters is a Python package open-sourced by LangChain. Versions of langchain-text-splitters prior to 1.1.2 had code vulnerabilities. These vulnerabilities stemmed from the use of the splittextfromurl method in HTMLHeaderTextSplitter, which initiated a redirection after verifying...

6.5CVSS5.9AI score0.0026EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.7 views

PT-2026-35087

Name of the Vulnerable Software and Affected Versions langchain-openai versions prior to 1.1.14 Description The url to size helper function, utilized by get num tokens from messages for image token counting, contains a Time-of-Check to Time-of-Use TOCTOU flaw. The function validates URLs for...

3.1CVSS5.1AI score0.00158EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2026/04/20 10:42 a.m.27 views

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's MCP architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence AI supply chain. "This flaw enables Arbitrary Command Execution R...

9.9CVSS7.4AI score0.38532EPSS
Exploits9
vulnersOsv
vulnersOsv
added 2026/04/16 11:0 p.m.3 views

agent-builder (>=0.0.2 <=0.1.7), agentmanager (>=0.1.0 <=0.1.1) +48 more potentially affected by CVE-2026-41488 via langchain-openai (>=1.0.0 <=1.1.12)

langchain-openai PYPI version =1.0.0, =0.0.2, =0.1.0, =3.0.3, =0.0.48, =0.0.54, =0.1.2, =0.1.0, =0.1.0, =0.1.17rc1, =0.1.22 and more Source cves: CVE-2026-41488 Source advisory: SNYK:PYTHON-LANGCHAINOPENAI-16097112...

3.1CVSS5.7AI score0.00158EPSS
Exploits0
Rows per page
Query Builder