5 matches found
ROOT-APP-PYPI-CVE-2026-44843 CVE-2026-44843 in rootio-langchain-core - Patched by Root
Root has patched CVE-2026-44843 in the rootio-langchain-core package for Root:PyPI. Multiple fixed versions available...
CVE-2026-44843 vulnerabilities
Vulnerabilities for packages: py3-langchain, py3-langchain-core...
CVE-2026-44843 LangChain: Unsafe deserialization of attacker-controlled LangChain objects through overly broad `load()` allowlists
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load with...
accessiqlue (=2025.12.21154255), agent-builder (>=0.0.2 <=0.1.7) +344 more potentially affected by CVE-2026-44843 via langchain-core (>=1.0.0a8 <=1.3.2)
langchain-core PYPI version =1.0.0a8, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =0.1.1 - ai-benchmark-analyzer =2025.12.21193050 - ai-claim-essence =2025.12.20202921 - ai-design-insights =2025.12.21145447 - ai-mysql-translator =2025.12.21101721 - ai-reliability-analyzer =2025.12.21171415 - ai-risk-extracto...
accessiqlue (=2025.12.21154255), agent-builder (>=0.0.2 <=0.1.7) +346 more potentially affected by CVE-2026-44843 via langchain-core (>=1.0.0 <=1.3.2)
langchain-core PYPI version =1.0.0, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =0.1.1 - ai-benchmark-analyzer =2025.12.21193050 - ai-claim-essence =2025.12.20202921 - ai-design-insights =2025.12.21145447 - ai-mysql-translator =2025.12.21101721 - ai-reliability-analyzer =2025.12.21171415 - ai-risk-extractor...