LangChain @langchain/community SSRF Bypass via Redirect Chaining (CVE-2026-27795) Advisory

Critical Vulnerability Information Vulnerability Name: SSRF Bypass in RecursiveUrlLoader via redirect chaining Risk Level: Moderate (4.1 / 10) CVE ID: CVE-2026-27795 Affected Package: @langchain/community Affected Versions: = 1.1.18 Vulnerability Description This vulnerability involves a Server-Side Request Forgery (SSRF) bypass via redirect chaining in RecursiveUrlLoader. While RecursiveUrlLoader validates the initial URL, it allows underlying requests to automatically follow redirects, enabling a transition from a safe public URL to internal or metadata endpoints without re-validation. Impact Attackers may manipulate the content of crawled pages to cause the crawler to: - Retrieve cloud instance metadata, potentially exposing credentials or tokens. - Access internal services on private networks (e.g., 10.x, 172.16.x, 192.168.x). - Connect to localhost services. - Exfiltrate response data through attacker-controlled redirect chains. Attack Scenario 1. The crawler is directed to a public URL that passes the initial SSRF validation. 2. This URL responds with a 3xx redirect to an internal target. 3. The mechanism automatically follows the redirect without re-validation. 4. The crawler accesses internal or metadata endpoints. Root Cause SSRF validation ( ) is executed only on the initial URL. Redirects are followed automatically by without re-validation by default. Solution Upgrade to @langchain/community >= 1.1.18, which disables automatic redirects and validates them before each redirect. Automatic redirects are disabled ( ). Each 3xx Location header is parsed and validated via before the subsequent request. A maximum redirect limit is enforced to prevent infinite loops.

Goal Reached Thanks to every supporter — we hit 100%!

LangChain @langchain/community SSRF Bypass via Redirect Chaining (CVE-2026-27795) Advisory

More from this source