Browse all 34 CVE security advisories affecting langchain-ai. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Langchain-ai provides a framework for developing applications powered by large language models, primarily facilitating the integration of external data sources and tools into AI workflows. Its architecture, which often involves dynamic code execution and complex dependency management, has historically exposed users to significant risks. Security audits reveal thirty-four recorded Common Vulnerabilities and Exposures (CVEs), predominantly involving remote code execution, arbitrary file reads, and injection flaws. These vulnerabilities frequently stem from insufficient input validation in prompt templates and unsafe handling of untrusted data within chains. Notable incidents include critical flaws allowing attackers to execute arbitrary commands on host systems through manipulated LLM outputs or malicious tool definitions. The project’s reliance on third-party libraries and its flexible, often opaque, execution paths have contributed to a large attack surface. Users must rigorously sanitize inputs and isolate execution environments to mitigate these inherent risks associated with dynamic AI application development.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41481 | LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass — langchain-text-splitters (CWE-918) | 6.5 | Medium | 2026-04-24 |
This page lists every published CVE security advisory associated with langchain-ai. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.