Vulnerabilities in langchain-ai
39 results

CVE-2026-26019 | MEDIUM | @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation | EPSS 0.4%
CVE-2024-10940 | MEDIUM | Exposure of Sensitive System Information via ImagePromptTemplate in langchain-ai/langchain | EPSS 0.4%
CVE-2024-5998 | MEDIUM | Deserialization of Untrusted Data in langchain-ai/langchain | EPSS 0.4%
CVE-2024-7042 | MEDIUM | Prompt Injection in langchain-ai/langchainjs Leading to SQL Injection | EPSS 0.3%
CVE-2024-2965 | MEDIUM | Denial-of-Service in LangChain SitemapLoader in langchain-ai/langchain | EPSS 0.3%
CVE-2026-25750 | HIGH | LangSmith Studio has URL Parameter Injection Vulnerability that Enables Token Theft via Malicious baseUrl | EPSS 0.3%
CVE-2026-25528 | MEDIUM | LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection | EPSS 0.3%
CVE-2026-40087 | MEDIUM | LangChain has incomplete f-string validation in prompt templates | EPSS 0.3%
CVE-2026-40190 | MEDIUM | LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()` | EPSS 0.2%
CVE-2026-48775 | MEDIUM | LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading | EPSS 0.2%
CVE-2026-41481 | MEDIUM | LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass | EPSS 0.2%
CVE-2026-41182 | MEDIUM | LangSmith SDK: Streaming token events bypass output redaction | EPSS 0.2%
CVE-2026-27795 | MEDIUM | LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader | EPSS 0.2%
CVE-2026-45134 | HIGH | LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning | EPSS 0.2%
CVE-2026-48776 | MEDIUM | LangGraph SDK has unsafe URL path construction | EPSS 0.2%
CVE-2025-64104 | HIGH | LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore | EPSS 0.2%
CVE-2026-55443 | MEDIUM | LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders | EPSS 0.2%
CVE-2025-8709 | HIGH | SQL Injection in langchain-ai/langchain | EPSS 0.2%
CVE-2026-41488 | LOW | langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding | EPSS 0.2%