Browse all 34 CVE security advisories affecting langchain-ai. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Langchain-ai provides a framework for developing applications powered by large language models, primarily facilitating the integration of external data sources and tools into AI workflows. Its architecture, which often involves dynamic code execution and complex dependency management, has historically exposed users to significant risks. Security audits reveal thirty-four recorded Common Vulnerabilities and Exposures (CVEs), predominantly involving remote code execution, arbitrary file reads, and injection flaws. These vulnerabilities frequently stem from insufficient input validation in prompt templates and unsafe handling of untrusted data within chains. Notable incidents include critical flaws allowing attackers to execute arbitrary commands on host systems through manipulated LLM outputs or malicious tool definitions. The project’s reliance on third-party libraries and its flexible, often opaque, execution paths have contributed to a large attack surface. Users must rigorously sanitize inputs and isolate execution environments to mitigate the risks inherent in dynamic AI application development.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41182 | LangSmith SDK: Streaming token events bypass output redaction — langsmith-sdk, CWE-200 | 5.3 | Medium | 2026-04-23 |
| CVE-2026-40190 | LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()` — langsmith-sdk, CWE-1321 | 5.6 | Medium | 2026-04-10 |
| CVE-2026-25528 | LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection — langsmith-sdk, CWE-918 | 5.8 | Medium | 2026-02-09 |
This page lists every published CVE security advisory associated with langchain-ai. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.