6 matches found
CVE-2026-41182
Summary: The CVE affects LangSmith Client SDKs (JavaScript and Python) prior to specific fixes. When a run produces streaming output, each token in the stream is stored as a separate new_token event containing the raw token value, bypassing the SDK’s output redaction. The redaction controls (hide...
CVE-2026-41182 LangSmith SDK: Streaming token events bypass output redaction
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When ...
CVE-2026-41182
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When ...
CVE-2026-41182 LangSmith SDK: Streaming token events bypass output redaction
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When ...
LangSmith SDK: Streaming token events bypass output redaction
Summary The LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When an LLM run produces streaming output, each chunk is recorded as a newtoken event containing the raw token value. These events bypass the redaction pipeline...
GHSA-RR7J-V2Q5-CHGV LangSmith SDK: Streaming token events bypass output redaction
Summary The LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When an LLM run produces streaming output, each chunk is recorded as a newtoken event containing the raw token value. These events bypass the redaction pipeline...