CVE-2026-40087
- EPSS 0.04%
- Veröffentlicht 09.04.2026 20:16:27
- Zuletzt bearbeitet 16.04.2026 20:48:43
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and...
CVE-2026-26013
- EPSS 0.02%
- Veröffentlicht 10.02.2026 21:51:07
- Zuletzt bearbeitet 17.03.2026 20:30:07
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation when computing token counts for vision-enabled mode...
CVE-2025-68664
- EPSS 0.04%
- Veröffentlicht 23.12.2025 22:47:44
- Zuletzt bearbeitet 13.01.2026 15:58:23
LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with ...