Lucene search
K

7 matches found

CVE
CVE
added 2026/05/27 7:35 p.m.38 views

CVE-2026-45134

LangSmith CVE-2026-45134 affects LangSmith Client SDKs with prompt-pull methods that fetch/deserialize prompt manifests from LangSmith Hub. The issue allows manifest content to be influenced by external parties when pulling a public prompt (owner/name), because prior SDKs did not distinguish such...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:35 p.m.41 views

CVE-2026-45134 LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:35 p.m.8 views

CVE-2026-45134 LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 7:35 p.m.2 views

CVE-2026-45134 LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS5.9AI score0.00199EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/13 3:29 p.m.14 views

LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

Description The LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from the LangSmith Hub. These manifests may contain serialized LangChain objects and model configuration that affect runtime...

7.1CVSS5.7AI score0.00199EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2026/05/13 3:29 p.m.9 views

GHSA-3644-Q5CJ-C5C7 LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

Description The LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from the LangSmith Hub. These manifests may contain serialized LangChain objects and model configuration that affect runtime...

7.1CVSS5.7AI score0.00199EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/13 3:29 p.m.8 views

NPM: LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

NPM: LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning vulnerability discovered by ? in WordPress Npm langsmith versions 0.6.0...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder