All 6 CVE vulnerabilities found in langchain, with AI-generated Chinese analysis, references, and POCs.
Vendor: langchain-ai

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40087 | LangChain has incomplete f-string validation in prompt templates CWE-1336 | 5.3 | Medium | 2026-04-09 |
| CVE-2026-34070 | LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions CWE-22 | 7.5 | High | 2026-03-31 |
| CVE-2026-26013 | LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages CWE-918 | 3.7 | Low | 2026-02-10 |
| CVE-2024-58340 | LangChain <= 0.3.1 MRKLOutputParser ReDoS CWE-1333 | 7.5 (AI) | High (AI) | 2026-01-12 |
| CVE-2025-68664 | LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs CWE-502 | 9.3 | Critical | 2025-12-23 |
| CVE-2025-65106 | LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates CWE-1336 | 8.8 | - | 2025-11-21 |