3 matches found
CVE-2026-40087 LangChain has incomplete f-string validation in prompt templates
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...
accessiqlue (=2025.12.21154255), agent-builder (>=0.0.2 <=0.1.7) +334 more potentially affected by CVE-2026-40087 via langchain-core (>=0.4.0.dev0 <=1.2.24)
langchain-core PYPI version =0.4.0.dev0, =0.0.2, =0.1.0, =0.1.0, =0.1.1 - ai-benchmark-analyzer =2025.12.21193050 - ai-claim-essence =2025.12.20202921 - ai-design-insights =2025.12.21145447 - ai-mysql-translator =2025.12.21101721 - ai-reliability-analyzer =2025.12.21171415 - ai-risk-extractor...
a-data-processing (=0.0.1), a-mailx (=0.1.0) +1227 more potentially affected by CVE-2026-40087 via langchain-core (>=0.0.1 <=0.3.83)
langchain-core PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =3.2.0, =2.1.7, =0.0.2, =0.0.5 and more Source cves: CVE-2026-40087 Source advisory: SNYK:PYTHON-LANGCHAINCORE-15953340...