Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/04/13 2:55 p.m.7 views

CVE-2026-40087

A flaw was found in LangChain. A missing validation of f-string prompt templates in some classes, specifically in DictPromptTemplate and ImagePromptTemplate, can cause the evaluation of attribute access or indexing expressions during template formatting. Also, f-string validation based on parsed...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References10
NVD
NVD
added 2026/04/09 8:16 p.m.10 views

CVE-2026-40087

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

5.3CVSS0.00262EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/09 7:34 p.m.5 views

EUVD-2026-21063

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

5.3CVSS5.9AI score0.00262EPSS
Exploits0References7
OSV
OSV
added 2025/03/20 12:32 p.m.3 views

GHSA-5CHR-FJJV-38QV langchain-core allows unauthorized users to read arbitrary files from the host file system

A vulnerability in langchain-core versions =0.1.17,=0.2.0,=0.3.0,0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchaincore.prompts.ImagePromptTemplate's and by extension langchaincore.prompts.ChatPromptTemplate's...

5.3CVSS6AI score0.00366EPSS
Exploits0References6
Snyk
Snyk
added 2025/03/20 10:52 a.m.2 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere in the ImagePromptTemplate in image.py, which can be instantiated with input variables...

8.7CVSS6.7AI score0.00366EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:8 a.m.5 views

CVE-2024-10940 Exposure of Sensitive System Information via ImagePromptTemplate in langchain-ai/langchain

A vulnerability in langchain-core versions =0.1.17,=0.2.0,=0.3.0,0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchaincore.prompts.ImagePromptTemplate's and by extension langchaincore.prompts.ChatPromptTemplate's...

5.3CVSS5.3AI score0.00366EPSS
Exploits0References2
Rows per page
Query Builder