CVE-2026-46580

Theia before v1.71.0 loads files matching .prompts/*.prompttemplate from a workspace, allowing attacker-controlled content to override the AI agent’s system prompts (indirect prompt injection). This enables attack chains with untrusted workspaces, potentially causing data exfiltration via Markdow...

📄 LangChain Core Insecure Deserialization

LangChain Core versions prior to 1.2.5 and 0.3.81 suffer from a deserialization vulnerability that allows for server-side template injection that can lead to remote code execution. Exploit Title: LangChain Core - SSTI/RCE Date: 2025-12-29 Exploit Author: Mohammed Idrees Banyamer Author Country:...

LangChain Core 1.2.4 - SSTI/RCE

Exploit Title: LangChain Core - SSTI/RCE Date: 2025-12-29 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Contact: @banyamersecurity Instagram GitHub: https://github.com/mbanyamer Vendor Homepage: https://www.langchain.com/ Software Link: https://pypi.org/project/langchain-core/...

Spring AI - Structured Output

UPDATE: 04.06.2024 Adde snippets for using structured output with the new, fluent ChatClient API . UPDATE: 17.05.2024 Generic Types support for BeanOutputConverter added. Science works with chunks and bits and pieces of things with the continuity presumed, and Art works only with the continuities...