cbcvebase.

Langchain-Ai Langchain vulnerabilities

7 known vulnerabilities affecting langchain-ai/langchain.

Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM2LOW1

Vulnerabilities

Page 1 of 1
CVE-2025-68664P2HIGHCVSS 8.2PoCv>= 1.0.0, < 1.2.5fixed in 0.3.812025-12-23
CVE-2025-68664 [HIGH] CWE-502 CVE-2025-68664: LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark
nvd
CVE-2026-34070P3HIGHCVSS 7.5fixed in 1.2.222026-03-31
CVE-2026-34070 [HIGH] CWE-22 CVE-2026-34070: LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an application passes user-influenced prompt configurations to
nvd
CVE-2025-65106P3HIGHCVSS 8.3v>= 1.0.0, < 1.0.7fixed in 0.3.802025-11-21
CVE-2025-65106 [HIGH] CWE-1336 CVE-2025-65106: LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted temp
nvd
CVE-2026-44843P3HIGHCVSS 8.2fixed in 0.3.85v>= 1.0.0a1, < 1.3.32026-05-26
CVE-2026-44843 [HIGH] CWE-502 CVE-2026-44843: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3 LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load() with allowed_objects="all". This does not enable arbitrary
nvd
CVE-2026-40087P4MEDIUMCVSS 5.3fixed in 0.3.83v>= 1.0.0a1, < 1.2.282026-04-09
CVE-2026-40087 [MEDIUM] CWE-1336 CVE-2026-40087: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.2 LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particu
nvd
CVE-2026-55443P4MEDIUMCVSS 5.5fixed in 1.3.92026-06-22
CVE-2026-55443 [MEDIUM] CWE-22 CVE-2026-55443: LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several L LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search agent middleware that validates a starting directory but
nvd
CVE-2026-26013P4LOWCVSS 3.7fixed in 1.2.112026-02-10
CVE-2026-26013 [LOW] CWE-918 CVE-2026-26013: LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the Chat LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery (SSRF) attacks by providing malicious i
nvd
Langchain-Ai Langchain vulnerabilities | cvebase