LangChain serialization injection vulnerability enables secret extraction
Description
LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON() method (and, consequently, when stringifying objects with JSON.stringify()). The method did not escape objects with 'lc' keys when serializing free-form data in kwargs. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than as plain user data. This issue has been patched in @langchain/core versions 0.3.80 and 1.1.8, and langchain versions 0.3.37 and 1.2.3.
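As an added example (not code from LangChain or from the advisory), the following JavaScript models the marker-key problem the description names and a defender-side check for it: free-form data headed for a serialized object's kwargs is scanned for nested objects carrying the reserved 'lc' key before it is stringified. The envelope shape, function names and sample inputs are assumptions, not the library's actual format.

```javascript
// Reserved marker key named in the advisory; LangChain uses it to tag
// serialized objects, so untrusted data must never be allowed to carry it.
const LC_MARKER_KEY = "lc";

// Walk a JSON-compatible value and collect the path of every object that
// carries the marker key. Returns [] when the data is safe to embed as-is.
function findLcMarkers(value, path = []) {
  const hits = [];
  if (Array.isArray(value)) {
    value.forEach((item, i) => hits.push(...findLcMarkers(item, [...path, i])));
  } else if (value !== null && typeof value === "object") {
    if (Object.prototype.hasOwnProperty.call(value, LC_MARKER_KEY)) {
      hits.push(path.join(".") || "<root>");
    }
    for (const [k, v] of Object.entries(value)) {
      hits.push(...findLcMarkers(v, [...path, k]));
    }
  }
  return hits;
}

// Hypothetical mitigation: refuse to serialize a kwargs payload that smuggles
// marker-shaped objects. The outer envelope ({lc, type, id, kwargs}) is only a
// simplified model of what the description calls a serialized LangChain object.
function serializeWithKwargs(id, kwargs) {
  const hits = findLcMarkers(kwargs);
  if (hits.length > 0) {
    throw new Error(`refusing to serialize: reserved "lc" key at ${hits.join(", ")}`);
  }
  return JSON.stringify({ lc: 1, type: "constructor", id, kwargs });
}

// Constructed sample inputs (not taken from any real application).
const benignKwargs = { temperature: 0.2, tags: ["prod"], meta: { owner: "team-a" } };
const taintedKwargs = { note: "hi", extra: { lc: 1, type: "constructor" } };

console.log(findLcMarkers(benignKwargs));  // []
console.log(findLcMarkers(taintedKwargs)); // ["extra"]
```

Running the same scan over data coming back from JSON.parse, before handing it to a loader, gives the equivalent check on the deserialization side.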
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| @langchain/core (npm) | >= 1.0.0, < 1.1.8 | 1.1.8 |
| @langchain/core (npm) | < 0.3.80 | 0.3.80 |
| langchain (npm) | >= 1.0.0, < 1.2.3 | 1.2.3 |
| langchain (npm) | < 0.3.37 | 0.3.37 |
Affected products
- Range: @langchain/anthropic==1.0.0, @langchain/anthropic@1.1.0, @langchain/anthropic@1.1.1, …
- OSV coordinates (28 versions; no CPE is recorded for any of them):

| Package (purl) | Affected range |
|---|---|
| pkg:apk/chainguard/kibana-8.17 | < 8.17.10-r6 |
| pkg:apk/chainguard/kibana-8.17-bitnami | < 8.17.10-r6 |
| pkg:apk/chainguard/kibana-8.17-iamguarded | < 8.17.10-r6 |
| pkg:apk/chainguard/kibana-8.18 | < 8.18.8-r6 |
| pkg:apk/chainguard/kibana-8.18-bitnami | < 8.18.8-r6 |
| pkg:apk/chainguard/kibana-8.18-iamguarded | < 8.18.8-r6 |
| pkg:apk/chainguard/kibana-8.19 | < 8.19.9-r2 |
| pkg:apk/chainguard/kibana-8.19-bitnami | < 8.19.9-r2 |
| pkg:apk/chainguard/kibana-8.19-iamguarded | < 8.19.9-r2 |
| pkg:apk/chainguard/kibana-9.0 | < 9.0.8-r5 |
| pkg:apk/chainguard/kibana-9.0-bitnami | < 9.0.8-r5 |
| pkg:apk/chainguard/kibana-9.0-iamguarded | < 9.0.8-r5 |
| pkg:apk/chainguard/kibana-9.1 | < 9.1.9-r1 |
| pkg:apk/chainguard/kibana-9.1-bitnami | < 9.1.9-r1 |
| pkg:apk/chainguard/kibana-9.1-iamguarded | < 9.1.9-r1 |
| pkg:apk/chainguard/kibana-9.2 | < 9.2.3-r1 |
| pkg:apk/chainguard/kibana-9.2-iamguarded | < 9.2.3-r1 |
| pkg:apk/chainguard/langfuse-2 | < 2.95.12-r4 |
| pkg:apk/chainguard/langfuse-2-compat | < 2.95.12-r4 |
| pkg:apk/chainguard/langfuse-2-worker | < 2.95.12-r4 |
| pkg:apk/chainguard/langfuse-fips-2 | < 2.95.12-r4 |
| pkg:apk/chainguard/langfuse-fips-2-compat | < 2.95.12-r4 |
| pkg:apk/chainguard/langfuse-fips-2-worker | < 2.95.12-r4 |
| pkg:apk/chainguard/librechat | < 0.8.1-r1 |
| pkg:apk/chainguard/librechat-compat | < 0.8.1-r1 |
| pkg:apk/chainguard/librechat-dev | < 0.8.1-r1 |
| pkg:npm/%40langchain/core | >= 1.0.0, < 1.1.8 |
| pkg:npm/langchain | >= 1.0.0, < 1.2.3 |
References
- github.com/advisories/GHSA-r399-636x-v7f6 (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-68665 (NVD advisory)
- github.com/langchain-ai/langchainjs/commit/e5063f9c6e9989ea067dfdff39262b9e7b6aba62 (commit)
- github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcore%401.1.8 (release)
- github.com/langchain-ai/langchainjs/releases/tag/langchain%401.2.3 (release)
- github.com/langchain-ai/langchainjs/security/advisories/GHSA-r399-636x-v7f6 (vendor advisory)