LangChain has incomplete f-string validation in prompt templates
Summary
| CVE | CVE-2026-40087 |
|---|---|
| State | PUBLISHED |
| Assigner | GitHub_M |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-04-09 20:16:27 UTC |
| Updated | 2026-04-16 20:48:43 UTC |
| Description | LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and subsequently evaluate those expressions during formatting. Second, f-string validation based on parsed top-level field names did not reject nested replacement fields inside format specifiers. In this pattern, the nested replacement field appears in the format specifier rather than in the top-level field name. As a result, earlier validation based on parsed field names did not reject the template even though Python formatting would still attempt to resolve the nested expression at runtime. This vulnerability is fixed in 0.3.84 and 1.2.28. |
Risk And Classification
Primary CVSS: v3.1 5.3 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.000480000 probability, percentile 0.146550000 (date 2026-04-15)
Problem Types: CWE-1336 | CWE-1336 CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | CNA | DECLARED | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
LowIntegrity
NoneAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Langchain | Langchain Core | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Langchain-ai | Langchain | affected < 0.3.83 | Not specified |
| CNA | Langchain-ai | Langchain | affected >= 1.0.0a1, < 1.2.28 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.28 | [email protected] | github.com | Product, Release Notes |
| github.com/langchain-ai/langchain/pull/36612 | [email protected] | github.com | Issue Tracking, Patch |
| github.com/langchain-ai/langchain/pull/36613 | [email protected] | github.com | Issue Tracking, Patch |
| github.com/langchain-ai/langchain/commit/6bab0ba3c12328008ddca3e0d54ff5a... | [email protected] | github.com | Patch |
| github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db377... | [email protected] | github.com | Patch |
| github.com/langchain-ai/langchain/security/advisories/GHSA-926x-3r5x-gfhw | [email protected] | github.com | Mitigation, Vendor Advisory |
| github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.84 | [email protected] | github.com | Product, Release Notes |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.