Langchain

32 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.03%
  • Published 25.02.2026 17:30:01
  • Last modified 27.02.2026 14:06:59

LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates the initial URL but allo...

  • EPSS 0.02%
  • Published 10.02.2026 21:51:07
  • Last modified 11.02.2026 15:27:26

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation when computing token counts for vision-enabled mode...

Exploit
  • EPSS 0.08%
  • Published 12.01.2026 23:05:00
  • Last modified 21.01.2026 17:57:56

LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone ...

  • EPSS 0.07%
  • Published 21.11.2025 21:43:02
  • Last modified 25.11.2025 22:16:42

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python objec...

  • EPSS 0.04%
  • Published 26.10.2025 05:38:55
  • Last modified 28.10.2025 15:16:13

A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of...

  • EPSS 0.21%
  • Published 06.10.2025 17:58:29
  • Last modified 08.10.2025 19:38:32

The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are...

  • EPSS 0.17%
  • Published 29.07.2025 00:00:00
  • Last modified 04.08.2025 00:15:29

langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. NOTE: t...

Exploit
  • EPSS 0.03%
  • Published 23.06.2025 20:42:28
  • Last modified 16.07.2025 19:46:41

A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27....

Exploit
  • EPSS 2.99%
  • Published 29.10.2024 13:15:10
  • Last modified 01.11.2024 19:19:20

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by de...

Exploit
  • EPSS 0.06%
  • Published 29.10.2024 13:15:08
  • Last modified 31.10.2024 18:36:30

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltr...