2 matches found
CVE-2026-25750
Langchain Helm Charts (prior to version 0.12.71) include a URL parameter injection vulnerability in LangSmith Studio that could exfiltrate a victim’s bearer token, user ID, and workspace ID to an attacker-controlled server when an authenticated LangSmith user clicks a malicious link. Affected dep...
CVE-2026-40190
The CVE-2026-40190 issue affects LangSmith JavaScript/TypeScript SDK (langsmith) prior to 0.5.18, where an incomplete prototype pollution fix in the vendored lodash set() allows traversal via constructor.prototype, enabling an attacker who controls data keys processed by createAnonymizer() to pol...