Known Vulnerabilities for products from Langchain

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Langchain".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-55443 json Not Provided 2026-06-22 2026-06-22
CVE-2026-48776 json LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Pyt... Not Provided 2026-06-17 2026-06-26
CVE-2026-48775 json LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via a... Not Provided 2026-06-16 2026-06-24
CVE-2026-45401 json Not Provided 2026-05-15 2026-05-18
CVE-2026-45134 json Not Provided 2026-05-27 2026-05-27
CVE-2026-44843 json LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains olde... Not Provided 2026-05-26 2026-05-29
CVE-2026-41488 json LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size()... Not Provided 2026-04-24 2026-04-28
CVE-2026-41481 json Not Provided 2026-04-24 2026-06-30
CVE-2026-40190 json LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/Ty... Not Provided 2026-04-10 2026-07-07
CVE-2026-40087 json LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string p... Not Provided 2026-04-09 2026-04-16
CVE-2026-34070 json LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in lan... Not Provided 2026-03-31 2026-07-10
CVE-2026-28277 json LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via a... Not Provided 2026-03-05 2026-04-21
CVE-2026-27795 json LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request ... Not Provided 2026-02-25 2026-04-13
CVE-2026-14742 json Not Provided 2026-07-05 2026-07-06
CVE-2026-14630 json Not Provided 2026-07-04 2026-07-06
CVE-2026-7847 json Not Provided 2026-05-05 2026-05-05
CVE-2023-46229 json LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an extern... 8.8 - HIGH 2023-10-19 2023-10-25
CVE-2023-44467 json langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain... 9.8 - CRITICAL 2023-10-09 2023-10-12
CVE-2023-39659 json An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted scri... 9.8 - CRITICAL 2023-08-15 2023-08-22
CVE-2023-39631 json An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in t... 9.8 - CRITICAL 2023-09-01 2023-09-06
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report