2 matches found
PYSEC-2026-1515 Langchain Community Vulnerable to XML External Entity (XXE) Attacks
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity XXE attacks due to insecure XML parsing. The vulnerability arises from the use of etree.iterparse without disabling external entity references, which can lead to sensitive informati...
CVE-2025-6984
CVE-2025-6984 (LangChain EverNoteLoader XXE) : The langchain-ai/langchain package’s EverNoteLoader is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63, where etree.iterparse() is used without disabling external entity processing, enabling...