Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/langchain-core@0.3.81
Typepypi
Namespace
Namelangchain-core
Version0.3.81
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.3.85
Latest_non_vulnerable_version1.3.3
Affected_by_vulnerabilities
0
url VCID-61vg-ekxn-hqfv
vulnerability_id VCID-61vg-ekxn-hqfv
summary 
LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
The `ChatOpenAI.get_num_tokens_from_messages()` method fetches arbitrary `image_url` values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery (SSRF) attacks by providing malicious image URLs in user input.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26013.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26013.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26013
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05476
published_at 2026-06-07T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05492
published_at 2026-06-05T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05475
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26013
2
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
3
reference_url https://github.com/langchain-ai/langchain/commit/2b4b1dc29a833d4053deba4c2b77a3848c834565
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:26:20Z/
url https://github.com/langchain-ai/langchain/commit/2b4b1dc29a833d4053deba4c2b77a3848c834565
4
reference_url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.11
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:26:20Z/
url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.11
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2438772
reference_id 2438772
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2438772
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26013
reference_id CVE-2026-26013
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26013
7
reference_url https://github.com/advisories/GHSA-2g6r-c272-w58r
reference_id GHSA-2g6r-c272-w58r
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2g6r-c272-w58r
8
reference_url https://github.com/langchain-ai/langchain/security/advisories/GHSA-2g6r-c272-w58r
reference_id GHSA-2g6r-c272-w58r
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:26:20Z/
url https://github.com/langchain-ai/langchain/security/advisories/GHSA-2g6r-c272-w58r
fixed_packages
0
url pkg:pypi/langchain-core@1.2.11
purl pkg:pypi/langchain-core@1.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rn2w-tbct-4ygj
1
vulnerability VCID-z7kv-vrhw-1qad
2
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@1.2.11
aliases CVE-2026-26013, GHSA-2g6r-c272-w58r
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-61vg-ekxn-hqfv
1
url VCID-rn2w-tbct-4ygj
vulnerability_id VCID-rn2w-tbct-4ygj
summary 
LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists
LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call `load()` with `allowed_objects="all"`. This does not enable arbitrary Python object deserialization, but it does allow any trusted LangChain-serializable object to be revived, which is broader than these runtime paths require. As a result, attacker-supplied LangChain serialized constructor dictionaries may cause trusted runtime paths to instantiate classes with untrusted constructor arguments.

Applications are exposed only when all of the following are true:

1. The application accepts untrusted structured input, such as JSON, from a user or network request.
2. The application does not validate or canonicalize that input into an inert schema before invoking LangChain.
3. Attacker-controlled nested dictionaries or lists are preserved in LangChain run inputs or outputs.
4. The application uses an affected API path that later deserializes that run data.

Known affected runtime surfaces include:

- `RunnableWithMessageHistory`
- `astream_log()`
- `astream_events(version="v1")`

Related unsafe deserialization patterns may also affect applications that explicitly load serialized LangChain prompt or runnable objects from untrusted sources, including shared prompt stores, Hub artifacts with model configuration, or other application-controlled serialization stores.

Applications that validate incoming requests against a fixed schema, such as coercing user input to a plain string or message-content field before invoking LangChain, are unlikely to expose this deserialization primitive.

This release also fixes a related secret-marker validation bypass in the serialization and deserialization layer (`_is_lc_secret`). That issue creates an additional path by which attacker-controlled constructor dictionaries can avoid escaping during `dumps()` -> `loads()` round-trips and reach LangChain object revival logic.

## Impact

An attacker who can submit untrusted structured input to an affected application, and have that structure preserved in LangChain run data, may be able to inject LangChain serialized constructor payloads such as:

```json
{
  "lc": 1,
  "type": "constructor",
  "id": ["langchain_core", "messages", "ai", "AIMessage"],
  "kwargs": {"content": "attacker-controlled content"}
}
```

If this payload reaches a broad `load()` call, LangChain may instantiate the referenced class instead of treating the payload as inert user data.

Realistic impacts include:

- Persistent chat-history poisoning when revived `AIMessage`, `HumanMessage`, or `SystemMessage` objects are stored by `RunnableWithMessageHistory`.
- Prompt injection or behavior manipulation if attacker-controlled messages are later included in model context.
- Instantiation of unexpected trusted LangChain objects with attacker-controlled constructor arguments.
- Possible credential disclosure or server-side requests if a reachable object reads environment credentials, creates clients, or contacts attacker-controlled endpoints during initialization.
- Additional prompt-template or runnable-configuration impacts in applications that separately load and execute untrusted serialized LangChain objects.

## Remediation

LangChain will deprecate the affected APIs as part of this fix:

- `RunnableWithMessageHistory`
- `astream_log()`
- `astream_events(version="v1")`

These are older code paths that are no longer recommended for new applications. They were not previously marked as deprecated, but recent LangChain documentation has primarily directed users toward newer streaming and memory patterns, including the `stream` API. Applications should migrate to the currently recommended APIs rather than continue depending on these older surfaces.

Separately, LangChain will update `load()` and `loads()` to tighten deserialization behavior so broad object revival is not applied implicitly to untrusted or application-controlled payloads. The older runtime surfaces listed above are being deprecated rather than preserved as supported paths for broad runtime deserialization.

This release also fixes a related secret-marker validation bypass in the serialization and deserialization layer (`_is_lc_secret`). That issue creates an additional path by which attacker-controlled constructor dictionaries can avoid escaping during `dumps()` -> `loads()` round-trips and reach LangChain object revival logic.

## Guidance for `load()` and `loads()`

`load()` and `loads()` should be used only with trusted LangChain manifests or serialized objects from trusted storage. Do not pass user-controlled data to `load()` or `loads()`, and do not use them as general parsers for request bodies, tool inputs, chat messages, or other attacker-controlled data.

`load()` and `loads()` are beta APIs, and their behavior may change as LangChain narrows unsafe defaults. Future LangChain versions will require callers to be explicit about which objects may be revived. Users should pass a narrow `allowed_objects` value appropriate for the specific trusted manifest they are loading, rather than relying on broad defaults or `allowed_objects="all"`, which permits the full trusted LangChain serialization allowlist.

## Credits

The original issue was first reported by @u-ktdi.

Similar findings were reported by @dewankpant, @shrutilohani, @Moaaz-0x, @pucagit.

A related `_is_lc_secret` marker bypass affecting `dumps()` -> `loads()` round-trips was reported by @yardenporat353 (and a similar report by @localhost-detect)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44843
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.14198
published_at 2026-06-07T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.1423
published_at 2026-06-05T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.14233
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44843
1
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
2
reference_url https://github.com/langchain-ai/langchain/security/advisories/GHSA-pjwx-r37v-7724
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:06:50Z/
url https://github.com/langchain-ai/langchain/security/advisories/GHSA-pjwx-r37v-7724
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44843
reference_id CVE-2026-44843
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-44843
4
reference_url https://github.com/advisories/GHSA-pjwx-r37v-7724
reference_id GHSA-pjwx-r37v-7724
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pjwx-r37v-7724
fixed_packages
0
url pkg:pypi/langchain-core@0.3.85
purl pkg:pypi/langchain-core@0.3.85
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.3.85
1
url pkg:pypi/langchain-core@1.3.3
purl pkg:pypi/langchain-core@1.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@1.3.3
aliases CVE-2026-44843, GHSA-pjwx-r37v-7724
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rn2w-tbct-4ygj
2
url VCID-z7kv-vrhw-1qad
vulnerability_id VCID-z7kv-vrhw-1qad
summary langchain: incomplete f-string validation in prompt templates
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40087.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40087.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40087
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17482
published_at 2026-06-07T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17523
published_at 2026-06-05T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17518
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40087
2
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
3
reference_url https://github.com/langchain-ai/langchain/commit/6bab0ba3c12328008ddca3e0d54ff5a6151cd27b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:47:52Z/
url https://github.com/langchain-ai/langchain/commit/6bab0ba3c12328008ddca3e0d54ff5a6151cd27b
4
reference_url https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:47:52Z/
url https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258
5
reference_url https://github.com/langchain-ai/langchain/pull/36612
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:47:52Z/
url https://github.com/langchain-ai/langchain/pull/36612
6
reference_url https://github.com/langchain-ai/langchain/pull/36613
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:47:52Z/
url https://github.com/langchain-ai/langchain/pull/36613
7
reference_url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.84
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:47:52Z/
url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.84
8
reference_url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.28
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:47:52Z/
url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.28
9
reference_url https://github.com/langchain-ai/langchain/security/advisories/GHSA-926x-3r5x-gfhw
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:47:52Z/
url https://github.com/langchain-ai/langchain/security/advisories/GHSA-926x-3r5x-gfhw
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40087
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40087
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457024
reference_id 2457024
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457024
12
reference_url https://github.com/advisories/GHSA-926x-3r5x-gfhw
reference_id GHSA-926x-3r5x-gfhw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-926x-3r5x-gfhw
fixed_packages
0
url pkg:pypi/langchain-core@0.3.84
purl pkg:pypi/langchain-core@0.3.84
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rn2w-tbct-4ygj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.3.84
1
url pkg:pypi/langchain-core@0.4.0.dev0
purl pkg:pypi/langchain-core@0.4.0.dev0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61vg-ekxn-hqfv
1
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.4.0.dev0
2
url pkg:pypi/langchain-core@1.2.28
purl pkg:pypi/langchain-core@1.2.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rn2w-tbct-4ygj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@1.2.28
aliases CVE-2026-40087, GHSA-926x-3r5x-gfhw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z7kv-vrhw-1qad
3
url VCID-zb77-fwdy-dbfy
vulnerability_id VCID-zb77-fwdy-dbfy
summary langchain: path traversal in legacy load_prompt functions in langchain-core
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34070.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34070.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34070
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10901
published_at 2026-06-05T12:55:00Z
1
value 0.00035
scoring_system epss
scoring_elements 0.1089
published_at 2026-06-06T12:55:00Z
2
value 0.00037
scoring_system epss
scoring_elements 0.11373
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34070
2
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
3
reference_url https://github.com/langchain-ai/langchain/commit/27add913474e01e33bededf4096151130ba0d47c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:17:33Z/
url https://github.com/langchain-ai/langchain/commit/27add913474e01e33bededf4096151130ba0d47c
4
reference_url https://github.com/langchain-ai/langchain/releases/tag/langchain-core==1.2.22
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:17:33Z/
url https://github.com/langchain-ai/langchain/releases/tag/langchain-core==1.2.22
5
reference_url https://github.com/langchain-ai/langchain/security/advisories/GHSA-qh6h-p6c9-ff54
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:17:33Z/
url https://github.com/langchain-ai/langchain/security/advisories/GHSA-qh6h-p6c9-ff54
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34070
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34070
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2453287
reference_id 2453287
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2453287
8
reference_url https://github.com/advisories/GHSA-qh6h-p6c9-ff54
reference_id GHSA-qh6h-p6c9-ff54
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qh6h-p6c9-ff54
fixed_packages
0
url pkg:pypi/langchain-core@1.2.22
purl pkg:pypi/langchain-core@1.2.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rn2w-tbct-4ygj
1
vulnerability VCID-z7kv-vrhw-1qad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@1.2.22
aliases CVE-2026-34070, GHSA-qh6h-p6c9-ff54
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zb77-fwdy-dbfy
Fixing_vulnerabilities
0
url VCID-8fbt-6heb-uyg1
vulnerability_id VCID-8fbt-6heb-uyg1
summary 
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
A serialization injection vulnerability exists in LangChain's `dumps()` and `dumpd()` functions. The functions do not escape dictionaries with `'lc'` keys when serializing free-form dictionaries. The `'lc'` key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68664.json
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68664.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68664
reference_id
reference_type
scores
0
value 0.02624
scoring_system epss
scoring_elements 0.85979
published_at 2026-06-06T12:55:00Z
1
value 0.02624
scoring_system epss
scoring_elements 0.85975
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68664
2
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
3
reference_url https://github.com/langchain-ai/langchain/commit/5ec0fa69de31bbe3d76e4cf9cd65a6accb8466c8
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:40:55Z/
url https://github.com/langchain-ai/langchain/commit/5ec0fa69de31bbe3d76e4cf9cd65a6accb8466c8
4
reference_url https://github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:40:55Z/
url https://github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6
5
reference_url https://github.com/langchain-ai/langchain/pull/34455
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:40:55Z/
url https://github.com/langchain-ai/langchain/pull/34455
6
reference_url https://github.com/langchain-ai/langchain/pull/34458
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:40:55Z/
url https://github.com/langchain-ai/langchain/pull/34458
7
reference_url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:40:55Z/
url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81
8
reference_url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.5
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:40:55Z/
url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.5
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2424790
reference_id 2424790
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2424790
10
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52514.py
reference_id CVE-2025-68664
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52514.py
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68664
reference_id CVE-2025-68664
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68664
12
reference_url https://github.com/advisories/GHSA-c67j-w6g6-q2cm
reference_id GHSA-c67j-w6g6-q2cm
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c67j-w6g6-q2cm
13
reference_url https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm
reference_id GHSA-c67j-w6g6-q2cm
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:40:55Z/
url https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm
14
reference_url https://access.redhat.com/errata/RHSA-2026:0406
reference_id RHSA-2026:0406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0406
15
reference_url https://access.redhat.com/errata/RHSA-2026:0408
reference_id RHSA-2026:0408
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0408
16
reference_url https://access.redhat.com/errata/RHSA-2026:0409
reference_id RHSA-2026:0409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0409
17
reference_url https://access.redhat.com/errata/RHSA-2026:1610
reference_id RHSA-2026:1610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1610
fixed_packages
0
url pkg:pypi/langchain-core@0.3.81
purl pkg:pypi/langchain-core@0.3.81
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61vg-ekxn-hqfv
1
vulnerability VCID-rn2w-tbct-4ygj
2
vulnerability VCID-z7kv-vrhw-1qad
3
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.3.81
1
url pkg:pypi/langchain-core@0.4.0.dev0
purl pkg:pypi/langchain-core@0.4.0.dev0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61vg-ekxn-hqfv
1
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.4.0.dev0
2
url pkg:pypi/langchain-core@1.2.5
purl pkg:pypi/langchain-core@1.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61vg-ekxn-hqfv
1
vulnerability VCID-rn2w-tbct-4ygj
2
vulnerability VCID-z7kv-vrhw-1qad
3
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@1.2.5
aliases CVE-2025-68664, GHSA-c67j-w6g6-q2cm
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8fbt-6heb-uyg1
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.3.81