892 matches found
PYSEC-2026-1515 Langchain Community Vulnerable to XML External Entity (XXE) Attacks
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity XXE attacks due to insecure XML parsing. The vulnerability arises from the use of etree.iterparse without disabling external entity references, which can lead to sensitive informati...
PYSEC-2026-1514 LangChain pickle deserialization of untrusted data
A vulnerability in the FAISS.deserializefrombytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects versions prior to 0.2.4...
PYSEC-2026-1516 Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever
A Server-Side Request Forgery SSRF vulnerability exists in the Web Research Retriever component in langchain-community langchain-community.retrievers.webresearch.WebResearchRetriever. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet...
CVE-2026-14742 langchain-ai langgraph Task Result Cache _cache.py _freeze weak hash
A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...
CVE-2026-14742
The CVE affects langchain-ai langgraph up to 1.2.4. The vulnerability lies in the function _freeze in libs/langgraph/langgraph/_internal/_cache.py (Task Result Cache). Manipulating the argument default_cache_key causes use of a weak hash, enabling a possible remote attack. Exploitation is describ...
PYSEC-2026-372 Langchain SQL Injection vulnerability
In Langchain before 0.0.247, prompt injection allows execution of arbitrary code against the SQL service provided by the chain...
PYSEC-2026-374 LangChain Experimental Eval Injection vulnerability
langchainexperimental aka LangChain Experimental 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify which uses eval in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 2023-10-05...
PYSEC-2026-375 LangChain Experimental vulnerable to arbitrary code execution
langchainexperimental aka LangChain Experimental before 0.0.52, part of LangChain before 0.1.8, allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not...
LangChain < 1.3.9 Path Traversal (CVE-2026-55443)
The version of LangChain installed on the remote host is prior to 1.3.9. It is, therefore, affected by a path traversal vulnerability: - Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root director...
CVE-2026-12866
A flaw was found in expr-eval. A remote attacker can exploit this vulnerability by supplying crafted expressions to the toJSFunction API. These expressions are then compiled into native code using new Function, allowing the attacker to execute arbitrary JavaScript code. This can lead to arbitrary...
CVE-2026-55443
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...
CVE-2026-55443 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...
EUVD-2026-38332
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...
CVE-2026-55443
CVE-2026-55443 describes a path traversal / sandbox-escape flaw in LangChain prior to 1.3.9. The vulnerability arises when components that resolve filesystem paths or expand search patterns fail to confine results to a trusted root, allowing untrusted inputs (paths, globs, symlinks, or LLM-influe...
CVE-2026-55443 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...
PT-2026-51373
Name of the Vulnerable Software and Affected Versions LangChain versions prior to 1.3.9 Description Several components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. This occurs in a file-search agent middlewar...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the EmbeddingSearchRequest.filter process. An attacker can access sensitive data, modify or delete database records, or cause denial of service by injecting crafted input into metadata filter keys or values, which are...
Symlink Attack
Overview langchain is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Symlink Attack via the file-search middleware and loaders that resolve filesystem paths and search patterns without confining the resolved path to the intended root...
LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders
Summary Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search agent middleware that validates a starting directory but not the search pattern or t...
GHSA-GR75-JV2W-4656 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders
Summary Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search agent middleware that validates a starting directory but not the search pattern or t...