LangChain < 1.3.9 Path Traversal (CVE-2026-55443)

The version of LangChain installed on the remote host is prior to 1.3.9. It is, therefore, affected by a path traversal vulnerability: - Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root director...

CVE-2026-12866

A flaw was found in expr-eval. A remote attacker can exploit this vulnerability by supplying crafted expressions to the toJSFunction API. These expressions are then compiled into native code using new Function, allowing the attacker to execute arbitrary JavaScript code. This can lead to arbitrary...

CVE-2026-55443

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

CVE-2026-55443

CVE-2026-55443 describes a path traversal / sandbox-escape flaw in LangChain prior to 1.3.9. The vulnerability arises when components that resolve filesystem paths or expand search patterns fail to confine results to a trusted root, allowing untrusted inputs (paths, globs, symlinks, or LLM-influe...

EUVD-2026-38332

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

CVE-2026-55443 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

GHSA-GR75-JV2W-4656 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders

Summary Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search agent middleware that validates a starting directory but not the search pattern or t...

Symlink Attack

Overview langchain is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Symlink Attack via the file-search middleware and loaders that resolve filesystem paths and search patterns without confining the resolved path to the intended root...

ROOT-APP-NPM-CVE-2026-27795 CVE-2026-27795 in @rootio/langchain__community - Patched by Root

Root has patched CVE-2026-27795 in the @rootio/langchaincommunity package for Root:npm. Multiple fixed versions available...

Malicious code in langchain-core-mcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd42d83950d8d8fc559905eed104af38cd6c8aef683b96778f0b8d778dd6bd5a Package langchain-core-mcp impersonates the legitimate langchain-core publisher: METADATA sets Project-URL Repository to...

CVE-2026-7846

A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to...

CVE-2026-44843

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load with...

CVE-2026-30617

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When...

ROOT-APP-NPM-CVE-2026-26019 CVE-2026-26019 in @rootio/langchain__community - Patched by Root

Root has patched CVE-2026-26019 in the @rootio/langchaincommunity package for Root:npm. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-41481 CVE-2026-41481 in rootio-langchain-text-splitters - Patched by Root

Root has patched CVE-2026-41481 in the rootio-langchain-text-splitters package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2025-68664 CVE-2025-68664 in rootio-langchain-core - Patched by Root

Root has patched CVE-2025-68664 in the rootio-langchain-core package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-44843 CVE-2026-44843 in rootio-langchain-core - Patched by Root

Root has patched CVE-2026-44843 in the rootio-langchain-core package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-34070 CVE-2026-34070 in rootio-langchain-core - Patched by Root

Root has patched CVE-2026-34070 in the rootio-langchain-core package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-40087 CVE-2026-40087 in rootio-langchain-core - Patched by Root

Root has patched CVE-2026-40087 in the rootio-langchain-core package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2025-6985 CVE-2025-6985 in rootio-langchain-text-splitters - Patched by Root

Root has patched CVE-2025-6985 in the rootio-langchain-text-splitters package for Root:PyPI. Multiple fixed versions available...