Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2026/03/31 2:2 p.m.10 views

CVE-2026-34070

A flaw was found in LangChain. Multiple functions in langchaincore.prompts.loading read files from paths embedded in deserialized configuration dictionaries without validation for directory traversal or absolute path injection. When an application passes user-influenced prompt configurations to...

7.5CVSS6.2AI score0.01204EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2026/03/31 2:1 a.m.2 views

CVE-2026-34070

LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchaincore.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an...

7.5CVSS5.9AI score0.01204EPSS
Exploits2References4Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/27 7:45 p.m.8 views

a-data-processing (=0.0.1), a-mailx (=0.1.0) +1227 more potentially affected by CVE-2026-34070 via langchain-core (>=0.0.1 <=0.3.83)

langchain-core PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =3.2.0, =2.1.7, =0.0.2, =0.0.5 and more Source cves: CVE-2026-34070 Source advisory: SNYK:PYTHON-LANGCHAINCORE-15809257...

7.5CVSS7.3AI score0.01204EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/03/27 7:45 p.m.8 views

a-beta-scalekit (>=3.0.1 <=4.0.2), a-data-processing (=0.0.1) +2422 more potentially affected by CVE-2026-34070 via langchain-core (>=0.0.1 <=1.2.20)

langchain-core PYPI version =0.0.1, =3.0.1, =0.1.0, =0.1.3, =0.1.0, =0.1.0b0, =0.0.1, =4.8.2, =0.0.1a1, =0.0.1a5 and more Source cves: CVE-2026-34070 Source advisory: OSV:GHSA-QH6H-P6C9-FF54...

7.5CVSS7.3AI score0.01204EPSS
Exploits2
Rows per page
Query Builder