Severity: 7.5 (CVSS 3.1)

LangChain Core: Unsecured File Access through User Config

Identifiers: GHSA-qh6h-p6c9-ff54 · CVE-2026-34070 · ECHO-34c7-ca18-1a8c
Summary

LangChain Core's legacy prompt-loading functions read files from paths embedded in the config they are given, so when user-influenced config reaches them they can read arbitrary files on the host filesystem. An attacker who can control prompt configurations can therefore read any file whose extension passes the loader's check (.txt, .json or .yaml). Update to the latest version of LangChain Core and avoid the legacy APIs, which are marked as deprecated and will be removed in version 2.0.0.

What to do
  • Update langchain-core to version 1.2.22.
  • Update langchain-core to version 1.2.21+echo.1.
Affected software
  • Ecosystem: pip · Product: langchain-core · Affected versions: < 1.2.22 · Fix: upgrade to 1.2.22
  • Ecosystem: PyPI · Product: langchain-core · Affected versions: < 1.2.21+echo.1 · Fix: upgrade to 1.2.21+echo.1
Original title
ECHO-34c7-ca18-1a8c
Original description
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an application passes user-influenced prompt configurations to load_prompt() or load_prompt_from_config(), an attacker can read arbitrary files on the host filesystem, constrained only by file-extension checks (.txt for templates, .json/.yaml for examples). This issue has been patched in version 1.2.22.
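The following is an added example, not code from LangChain or from the advisory. It models the weak pattern the advisory describes (a deserialized config dict carries a file path that is used with only an extension check) next to a hardened resolver that confines every path to a fixed prompt directory. The config key `template_path`, the function names and the sample files are constructed for illustration; the point is the mitigation an application should apply before handing any user-influenced config to a loader.

```python
"""
Constructed example (not langchain_core's code): a config-driven template
loader with two path resolvers.

resolve_unchecked mirrors the weak pattern: the path from the config is used
as-is apart from an extension check, so '..' segments and absolute paths pass
straight through to open().
resolve_confined is the hardened form: the candidate is resolved relative to
a fixed base directory and rejected if it escapes it or has the wrong suffix.
"""
from pathlib import Path
import tempfile

# Advisory: .txt for templates, .json/.yaml for examples. Templates only here.
ALLOWED_SUFFIXES = {".txt"}


def resolve_unchecked(base_dir: Path, template_path: str) -> Path:
    """Weak pattern: only the file extension is validated."""
    p = Path(template_path)
    if p.suffix not in ALLOWED_SUFFIXES:
        raise ValueError(f"unsupported template extension: {p.suffix!r}")
    # Joining with an absolute right-hand side discards base_dir entirely,
    # and '..' segments are kept verbatim for the OS to walk.
    return base_dir / p


def resolve_confined(base_dir: Path, template_path: str) -> Path:
    """Hardened pattern: normalise the candidate (symlinks and '..' included)
    and require that it still lies inside base_dir afterwards."""
    root = base_dir.resolve()
    candidate = (root / template_path).resolve()
    if candidate.suffix not in ALLOWED_SUFFIXES:
        raise ValueError(f"unsupported template extension: {candidate.suffix!r}")
    try:
        candidate.relative_to(root)
    except ValueError:
        raise ValueError("template path escapes the prompt directory") from None
    return candidate


def load_template(config: dict, base_dir: Path, *, confined: bool = True) -> str:
    """Reads the template named by config['template_path'] (assumed key)."""
    resolver = resolve_confined if confined else resolve_unchecked
    path = resolver(base_dir, config["template_path"])
    return path.read_text(encoding="utf-8")


def demo() -> dict:
    """Builds a throw-away layout and records how each resolver treats three
    constructed configs: an in-tree template, a '..' escape, an absolute path.
    Returns {"<config>/<mode>": "read:<text>" | "rejected"}."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        prompts = tmp / "prompts"
        prompts.mkdir()
        (prompts / "greeting.txt").write_text("Hello, {name}!", encoding="utf-8")
        # A file that sits outside the prompt directory (constructed).
        (tmp / "secret.txt").write_text("outside the prompt directory", encoding="utf-8")

        configs = {
            "in_tree": {"template_path": "greeting.txt"},
            "traversal": {"template_path": "../secret.txt"},
            "absolute": {"template_path": str(tmp / "secret.txt")},
        }
        results = {}
        for name, cfg in configs.items():
            for mode in ("unchecked", "confined"):
                try:
                    text = load_template(cfg, prompts, confined=(mode == "confined"))
                    results[f"{name}/{mode}"] = "read:" + text
                except ValueError:
                    results[f"{name}/{mode}"] = "rejected"
        return results


if __name__ == "__main__":
    for key, outcome in sorted(demo().items()):
        print(f"{key:22s} {outcome}")
```

The design choice worth noting is that the confined resolver checks containment after `resolve()`, so a symlink inside the prompt directory pointing elsewhere is caught as well; checking the raw string for `..` would not catch that. Upgrading to the fixed release remains the primary action; this wrapper is defence in depth for any code that still feeds configs into file-reading loaders.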
Scoring source: GHSA, CVSS 3.1
Vulnerability type
CWE-22 Path Traversal
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 27 Mar 2026