4 matches found
CVE-2026-34070
A flaw was found in LangChain. Multiple functions in langchaincore.prompts.loading read files from paths embedded in deserialized configuration dictionaries without validation for directory traversal or absolute path injection. When an application passes user-influenced prompt configurations to...
CVE-2026-34070
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchaincore.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an...
a-data-processing (=0.0.1), a-mailx (=0.1.0) +1227 more potentially affected by CVE-2026-34070 via langchain-core (>=0.0.1 <=0.3.83)
langchain-core PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =3.2.0, =2.1.7, =0.0.2, =0.0.5 and more Source cves: CVE-2026-34070 Source advisory: SNYK:PYTHON-LANGCHAINCORE-15809257...
a-beta-scalekit (>=3.0.1 <=4.0.2), a-data-processing (=0.0.1) +2422 more potentially affected by CVE-2026-34070 via langchain-core (>=0.0.1 <=1.2.20)
langchain-core PYPI version =0.0.1, =3.0.1, =0.1.0, =0.1.3, =0.1.0, =0.1.0b0, =0.0.1, =4.8.2, =0.0.1a1, =0.0.1a5 and more Source cves: CVE-2026-34070 Source advisory: OSV:GHSA-QH6H-P6C9-FF54...