CVE-2023-44467
published 2023-10-09CVE-2023-44467: langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code…
PriorityP277critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.94%
56.5th percentile
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| langchain | langchain-experimental | < 0.1.8 | 0.1.8 |
| langchain | langchain-experimental | >= 0 < 0.0.52 | 0.0.52 |
| langchain | langchain-experimental | >= 0 < 4c97a10bd0d9385cfee234a63b5bd826a295e483 | 4c97a10bd0d9385cfee234a63b5bd826a295e483 |
| langchain | langchain-experimental | >= 0 < 0.0.15 | 0.0.15 |
| langchain | langchain-experimental | 0 – 0.0.14 | — |
| langchain | langchain_experimental | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect use of prohibited Python dunder attributes in PALChain-evaluated code: __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or __base__ ↗
- →Monitor for prompt injection payloads targeting LangChain PALChain that attempt to inject executable Python code through user queries converted by the from_math_prompt() method in pal_chain/base.py ↗
- →Flag or block traffic to/from langchain_experimental (LangChain Experimental) versions before 0.0.306 involving PALChain code evaluation endpoints, as these are vulnerable to prompt injection leading to arbitrary code execution ↗
- →Use Next-Generation Firewall with Advanced Threat Prevention to identify and block command injection traffic associated with CVE-2023-44467 exploitation attempts against LangChain PALChain ↗
- ·The vulnerable code path is in pal_chain/base.py within the langchain_experimental package; the fix for CVE-2023-44467 was incomplete and bypassable via dunder attributes not included in the blocklist ↗
- ·CVE-2023-44467 affects only LangChain Experimental (langchain_experimental), a separate Python library from the core LangChain package, intended for research/experimental use ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ghsa9.8CRITICAL
osv9.8CRITICAL
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
LangChain Experimental vulnerable to arbitrary code execution
osv·2024-02-26·CVSS 9.8
CVE-2024-27444 [CRITICAL] LangChain Experimental vulnerable to arbitrary code execution
LangChain Experimental vulnerable to arbitrary code execution
langchain_experimental (aka LangChain Experimental) before 0.0.52, part of LangChain before 0.1.8, allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the `__import__`, `__subclasses__`, `__builtins__`, `__globals__`, `__getattribute__`, `__bases__`, `__mro__`, or `__base__` attribute in Python code. These are not prohibited by `pal_chain/base.py`.
GHSA
LangChain Experimental vulnerable to arbitrary code execution
ghsa·2024-02-26·CVSS 9.8
CVE-2024-27444 [CRITICAL] CWE-749 LangChain Experimental vulnerable to arbitrary code execution
LangChain Experimental vulnerable to arbitrary code execution
langchain_experimental (aka LangChain Experimental) before 0.0.52, part of LangChain before 0.1.8, allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the `__import__`, `__subclasses__`, `__builtins__`, `__globals__`, `__getattribute__`, `__bases__`, `__mro__`, or `__base__` attribute in Python code. These are not prohibited by `pal_chain/base.py`.
GHSA
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
ghsa·2023-10-09·CVSS 9.8
CVE-2023-44467 [CRITICAL] langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.
OSV
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
osv·2023-10-09·CVSS 9.8
CVE-2023-44467 [CRITICAL] langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.
OSV
CVE-2023-44467: langchain_experimental 0
osv·2023-10-09·CVSS 9.8
CVE-2023-44467 [CRITICAL] CVE-2023-44467: langchain_experimental 0
langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.
VulnCheck
LangChain Experimental '__import__' Arbitrary Code Execution Vulnerability
vulncheck·2023·CVSS 9.8
CVE-2023-44467 [CRITICAL] LangChain Experimental '__import__' Arbitrary Code Execution Vulnerability
LangChain Experimental '__import__' Arbitrary Code Execution Vulnerability
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.
Affected: langchain langchain_experimental
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://blog.securelayer7.net/ai-agent-frameworks/
No detection rules found.
No public exploits indexed.
Unit42
Vulnerabilities in LangChain Gen AI
blogs_unit42·2024-07-23·CVSS 9.8
CVE-2023-46229 [CRITICAL] Vulnerabilities in LangChain Gen AI
## Executive Summary
Researchers from Palo Alto Networks have identified two vulnerabilities in LangChain, a popular open source generative AI framework with over 81,000 stars on GitHub:
- CVE-2023-46229
- CVE-2023-44467 (LangChain experimental)
LangChain’s website states that more than one million builders use LangChain frameworks for LLM app development. Partner packages for LangChain include many of the big names in cloud, AI, databases and other tech development.
These two flaws could have allowed attackers to execute arbitrary code and access sensitive data, respectively. LangChain has since issued patches to resolve these vulnerabilities. This article provides a comprehensive technical examination of these security issues and offers guidance on mitigating similar threats in the f
Unit42
Vulnerabilities in LangChain Gen AI
blogs_unit42·2024-07-23·CVSS 9.8
CVE-2023-44467 [CRITICAL] Vulnerabilities in LangChain Gen AI
Threat Research Center
Threat Research
Vulnerabilities
## Vulnerabilities in LangChain Gen AI
Yiheng An
Haozhe Zhang
Qi Deng
Published: July 23, 2024
Threat Research
Vulnerabilities
CVE-2023-44467
CVE-2023-46229
GenAI
LangChain
LLM
## Executive Summary
Researchers from Palo Alto Networks have identified two vulnerabilities in LangChain, a popular open source generative AI framework with over 81,000 stars on GitHub:
CVE-2023-46229
CVE-2023-44467 (LangChain experimental)
LangChain’s website states that more than one million builders use LangChain frameworks for LLM app development. Partner packages for LangChain include many of the big names in cloud, AI, databases and other tech development.
These two flaws could have allowed attackers to execute arbitrary code and a
arXiv
Don't Let the Claw Grip Your Hand: A Security Analysis and Defense Framework for OpenClaw
arxiv_fulltext·2026-03-11
Don't Let the Claw Grip Your Hand: A Security Analysis and Defense Framework for OpenClaw
Don’t Let the Claw Grip Your Hand: A Security Analysis and Defense Framework for OpenClaw
Zhengyang Shan
Shandong University
[email protected]
Jiayun Xin
Shandong University
[email protected]
Yue Zhang
Shandong University
[email protected]
Minghui Xu
Shandong University
[email protected]
## Abstract
Code agents powered by large language models can execute shell commands on behalf of users, introducing severe security vulnerabilities. This paper presents a two-phase security analysis of the OpenClaw platform. As an open-source AI agent framework that operates locally, OpenClaw can be integrated with various commercial large language models. Because its native architecture lacks built-in security constraints, it serves as an ideal subject for evaluating basel
2023-10-09
Published
Exploited in the wild